Images

Classifications

G06F8/654—Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories

Abstract

Disclosed herein is an electronic device network for lifecycle management of firmware and software in electronic devices. The electronic device network may also be adapted to manage configuration parameters in the electronic devices. Lifecycle management provided by the electronic device network may include firmware and software downloading, firmware and software updating, and remote locking and remote enabling of electronic device capability. An update store module in the electronic device network may be adapted to dispense update packages to requesting electronic devices. The electronic devices may employ one or a plurality of update agents to update software and firmware therein. A boot loader in the electronic device is capable of determining whether an update agent is to be invoked or whether a previous backup copy of the update agent in non-volatile memory is to be invoked upon determining, based upon status information, that an update is to be conducted, rather than a normal startup operation without updates.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/503,932 entitled “Network For Updating Mobile Handsets”, filed Sep. 17, 2003, the complete subject matter of which is hereby incorporated herein by reference in its entirety.

The present application also hereby incorporates herein by reference in its entirety, the complete subject matter of U.S. Provisional Patent Application 60/428,069, filed Nov. 11, 2002.

The present application also hereby incorporates herein by reference in its entirety, the complete subject matter of PCT Application having publication number WO 02/41147 A1 and PCT application number PCT/US01/44034, filed on Nov. 19, 2001.

The present application also hereby incorporates herein by reference in its entirety, the complete subject matter of U.S. Provisional Patent Application 60/249,606 filed on Nov. 17, 2000.

FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

[Not Applicable]

MICROFICHE/COPYRIGHT REFERENCE

[Not Applicable]

BACKGROUND OF THE INVENTION

Electronic devices such as mobile phones and personal digital assistants (PDA's) often contain firmware and application software that are either provided by the manufacturers of the electronic devices, by telecommunication carriers, or by third parties. These firmware and application software often contain software bugs. New versions of the firmware and software are periodically released to fix the bugs, to introduce new features, or both.

Electronic devices, such as mobile handsets, access servers to retrieve update packages that are needed to update firmware and/or software. When thousands of mobile handsets simultaneously attempt to access the servers, some of them may not be able to get connected. There is a need for wireless networks to determine if individual mobile handsets can be updated. There is a need for wireless networks to facilitate downloading of update packages by mobile handsets.

Creating efficient and compact update packages for firmware/software updates is a big challenge. Managing update packages efficiently in a carrier network is also a great challenge. Managing the lifecycle of firmware and software in electronic devices, such as mobile handsets, is a complicated and important task.

Updating the updating software (update agent) in a wireless mobile electronic device may be challenging. If the update is not installed and executed properly, the update agent may be rendered corrupted or inoperable. Collecting updates (update packages from a plurality of sources in a secure mode may be challenging. Providing the electronic devices with downloadable access to the collected update packages may employ complex management tasks.

Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention as set forth in the remainder of the present application with reference to the drawings.

SUMMARY OF THE INVENTION

Aspects of the present invention may be found in an update process-able by updating software. The update may comprise at least one modifiable download state associated with the update and at least one download group associated with at least one download state. The update may be associated with at least one download group. The updating software may be adapted to process a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device.

In an embodiment according to the present invention, the at least one download state may indicate that an update associated with the at least one download state is authorized for downloading.

In an embodiment according to the present invention, the at least one download state may indicate that an update associated with the at least one download state is unauthorized for downloading.

In an embodiment according to the present invention, the at least one download group may comprise at least one update authorized for downloading.

In an embodiment according to the present invention, the update may be associated with the at least one download group based upon the at least one download state of the associated update.

In an embodiment according to the present invention, the at least one download group may comprise a grouping of electronic devices authorized to download the update.

In an embodiment according to the present invention, the at least one download group may comprise at least one update unauthorized for downloading.

In an embodiment according to the present invention, the update may be associated with the at least one download group based upon the at least one download state of the associated update.

In an embodiment according to the present invention, the at least one download group may comprise a grouping of electronic devices unauthorized to download the update.

In an embodiment according to the present invention, the at least one download group may comprise a non-removable download group. The non-removable download group may comprise a grouping of electronic devices permitted to download the update regardless of client identification and authorization.

In an embodiment according to the present invention, electronic devices in the non-removable download group may share a particular parameter value.

In an embodiment according to the present invention, the particular parameter value may comprise unique hardware identification associated with one of the electronic device and a particular electronic device manufacturer.

In an embodiment according to the present invention, the particular parameter value may comprise a version of the one of firmware and software to be updated.

In an embodiment according to the present invention, the particular parameter value may be employed to facilitate selection of an update to be downloaded to an electronic device. The particular parameter value may be selected from at least one of electronic device model identification, electronic device manufacturer identification, a firmware version, a software version, an electronic device international mobile equipment identifier IMEI, a telephone number, and a device unique identification.

In an embodiment according to the present invention, the particular parameter value may also comprise a parameter request. The electronic device may be adapted to respond to the parameter request by transmitting a requested parameter.

Aspects of the present invention may also be found in an update management system comprising a server adapted to evaluate an update to determine at least one download state and at least one download group associated with the update. The update may comprise a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device.

In an embodiment according to the present invention, the server may be adapted to prioritize a plurality of matching updates by evaluating the at least one download state associated with each of the plurality of matching updates.

In an embodiment according to the present invention, the server may be adapted to select an update having a highest priority for updating one of firmware and software.

In an embodiment according to the present invention, the server may be adapted to select an update based upon an indicator associated with the update. The indicator may be identifiable through a conflict resolution analysis.

In an embodiment according to the present invention, a downloaded update may be quarantined and evaluated in at least one component of the system to prevent malicious attacks and electronic device damage.

In an embodiment according to the present invention, a plurality of updates may be stored in an update store module comprising non-volatile memory.

In an embodiment according to the present invention, the plurality of updates stored in the update store module may each comprise an associated update state. The update state may indicate that the plurality of updates comprises one of a new update, an update being testing, an approved update, a released update, an inactive update, and obsolete update, and a discarded update.

Aspects of the present invention may be found in a method of updating a plurality of mobile electronic devices. The method may comprise transmitting an update of one of firmware and software to a plurality of associated mobile electronic devices enabled to perform the update. The update may comprise a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device.

In an embodiment according to the present invention, the method may further comprise associating the mobile electronic devices based upon at least one of an identical electronic device make, an identical electronic device, an identical installed firmware version, an identical installed software version, an identical installed operating system, and an identically installed encryption implementation.

In an embodiment according to the present invention, the method may further comprise prompting an electronic device management system to select at least one group of associated mobile electronic devices to transmit the update to.

In an embodiment according to the present invention, the method may further comprise prompting an electronic device management system to select whether an update to be transmitted is one of a silent update and an opt-in update, and autonomously performing the silent update and prompting an electronic device end-user to authorize and participate in the opt-in update.

In an embodiment according to the present invention, the method may further comprise transmitting notifications to the associated electronic devices that an update is one of pending, in-progress, completed, failed, aborted, and successful.

Aspects of the present invention may also be found in an update generating software adapted to generate an update employable to converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device. The update generating software may comprise software interfaces supporting a plurality of compiling and linking formats and software interfaces supporting zoning a generated update.

In an embodiment according to the present invention, zoning a generated update may comprise dividing the generated update into code segments.

In an embodiment according to the present invention, zoning a generated update may comprise employing different settings and rules for updating each particular code segment.

In an embodiment according to the present invention, zoning a generated update may comprise zone management. Zone management may comprise defining at least one of a pre-processor, a write unit size, an updateable zone, an excluded zone, an updating software zone, and a reserved write unit zone.

Aspects of the present invention may also be found in software for managing updates of one of firmware and software in a mobile electronic device. The software may comprise at least one communications-handling component, at least one data transfer-handling component, at least one display-handling component, and at least one event-handling component.

In an embodiment according to the present invention, the at least one communications-handling component may comprise at least one of a short message service (SMS)-based protocol, an extensible markup language (XML)-based protocol, and a device management based protocol.

In an embodiment according to the present invention, the at least one data transfer-handling component may comprise at least one of a download protocol compatible with Open Mobile Alliance (OMA)-specification and a simple object access protocol (SOAP)-based protocol.

In an embodiment according to the present invention, the at least one display handling-component may comprise a customer care module.

In an embodiment according to the present invention, the at least one event-handling component may comprise at least one of a firmware management client and a software management client.

In an embodiment according to the present invention, the software for managing may further comprise at least one update status descriptor handling component, at least one update storage handling component, at least one electronic device reset handling component, and at least one update status notification handling component.

Aspects of the present invention may also be found in a method for managing update processing in a mobile electronic device. The method may comprise storing an update in a designated non-volatile memory location, computing an update state descriptor, and storing the update state descriptor in another designated non-volatile memory location.

In an embodiment according to the present invention, the method may further comprise booting the mobile electronic device after the update state descriptor and the update are written to respective designated non-volatile memory locations.

In an embodiment according to the present invention, the method may further comprise identifying an update status of one of firmware and software to be updated.

Aspects of the present invention may also be found in updating code adapted to process a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device. The updating code may comprise a zoning component capable of processing non-contiguous code segments, a pre-processing component for reducing a size of the updating software, at least one updateable component, a digital signature decryption component, and a verification component.

In an embodiment according to the present invention, the updating code may operate independently of an operating system employed in the mobile electronic device.

In an embodiment according to the present invention, the updating code may be compiled and linked separately from firmware and software resident in the mobile electronic device.

In an embodiment according to the present invention, the updating code may be adapted to run independent of runtime libraries, compiler supplied runtime code, and linker supplied runtime code.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1A is a block diagram of a provisioning system comprising an electronic device communicatively coupled to an electronic device network according to an embodiment of the present invention;

FIG. 1B is a block diagram illustrating an exemplary network for lifecycle management of firmware and software applications in electronic devices according to an embodiment of the present invention;

FIG. 2 is a block diagram illustrating an exemplary wireless carrier network facilitating lifecycle management of firmware and software in electronic devices according to an embodiment of the present invention;

FIG. 3 is a block diagram illustrating an exemplary server deployment system according to an embodiment of the present invention;

FIG. 4 is a flow diagram illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention;

FIG. 5 is a flow diagram illustrating an exemplary commercial deployment method of an embedded solution according to an embodiment of the present invention;

FIG. 6 is a block diagram illustrating a plurality of sub-modules in an exemplary update store module according to an embodiment of the present invention;

FIG. 7 is a block diagram illustrating an exemplary management console module in an electronic device network according to an embodiment of the present invention;

FIG. 8 is a block diagram illustrating an exemplary site structure in an electronic device network according to an embodiment of the present invention;

FIG. 9 is a block diagram illustrating an exemplary update package user interface structure in an electronic device network according to an embodiment of the present invention;

FIG. 10 is a block diagram illustrating an exemplary management console login screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 11 is a block diagram illustrating an exemplary management console header frame according to an embodiment of the present invention;

FIG. 12 is a block diagram illustrating an exemplary management console main screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 13 is a block diagram illustrating time zone selection in an exemplary management console login screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 14 is a block diagram illustrating an exemplary manufacturer management screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 15 is a block diagram illustrating an exemplary view deleted manufacturer screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 16 is a block diagram illustrating an exemplary modify manufacturer client device data screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 17 is a block diagram illustrating an exemplary view client electronic device screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 18 is a block diagram illustrating an exemplary view deleted client devices screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 19 is a block diagram illustrating an exemplary modify client device screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 20 is a block diagram illustrating an exemplary view update packages screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 21 is a block diagram illustrating an exemplary view deleted update packages screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 22 is a block diagram illustrating an exemplary update package searching screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 23 is a block diagram illustrating an exemplary update package catalog uploading screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 24 is a block diagram illustrating an exemplary parsed update packages viewing screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 25 is a block diagram illustrating an exemplary view manufacturers and update manufacturer device state definition screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 26 is a block diagram illustrating an exemplary view manufacturers and update manufacturer device lifecycle transition screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 27 is a block diagram illustrating an exemplary view roles and download group management screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 28 is a block diagram illustrating an exemplary view roles and transaction log screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 29 is a block diagram illustrating an exemplary view roles and audit log screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 30 is a block diagram illustrating an exemplary view roles and system log screen displayable on an electronic device according to an embodiment of the present invention;

FIG. 31 is a block diagram illustrating an exemplary electronic device network employing an update package request and delivery method according to an embodiment of the present invention;

FIG. 32 is a block diagram illustrating an exemplary method of update package generation according to an embodiment of the present invention;

FIG. 33 is a block diagram illustrating an exemplary electronic device network operator deployment according to an embodiment of the present invention;

FIG. 34 is a block diagram illustrating an exemplary system and interface architecture according to an embodiment of the present invention;

FIG. 35 is a block diagram illustrating an exemplary support system for electronic device updating according to an embodiment of the present invention;

FIG. 36 is a block diagram illustrating an exemplary support system for electronic device updating according to an embodiment of the present invention;

FIG. 37 is a flow diagram illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention;

FIG. 38 is a flow diagram illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention;

FIG. 39 is a flow diagram illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention; and

FIG. 40 is a block diagram illustrating an exemplary system and interface architecture according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Aspects of the present invention may be found in a method of updating firmware/software components in electronic devices. More specifically, aspects of the present invention relate to the life cycle management of firmware and software in electronic devices such as, for example, mobile handsets, cellular telephones, personal digital assistants, pagers, personal computers, etc.

Aspects of the present invention may also be found in a network adapted to collect update packages from multiple sources and disseminate the update packages to a plurality of electronic devices.

In an embodiment according to the present invention, the electronic device updating software (update agent) may be updated. However, if the update is not installed and executed properly, the update agent may be rendered corrupted or inoperable. In another embodiment according to the present invention, updates (update packages) may be collected from a plurality of sources in a secure manner. Aspects of the present invention may also be found in providing the wireless mobile electronic devices with downloadable access to the collected update packages. In an embodiment according to the present invention, the network and/or the electronic devices may be adapted to manage complex tasks, such as for example, release management, security, life-cycle management, scalability, etc.

In an embodiment according to the present invention, firmware may be considered to be software placed in a read-only memory device in an embedded system in an electronic device. Firmware may also comprise software necessary to boot, initialize, and run the embedded software.

In an embodiment according to the present invention, flash memory may be a memory resource re-programmable or writeable in the field, for example. Flash memory has many characteristics that make it distinct from other types of memory. Flash memory may also be used as read-only memory.

In an embodiment according to the present invention, a software/firmware version may be defined as identification information associated with a firmware image or software application. The identification information may be numeric, such as, for example, version 1, version 2, version 2.2, version 3a, etc., but may also be textually descriptive.

In an embodiment according to the present invention, a simple network management protocol (SNMP) may be defined as a set of specifications standardizing the way hardware, firmware, and software processes are managed and monitored over the network. One example of an SNMP may be found in Request for Comments (RFC) 1157, dated May/1990, entitled “A simple network management protocol” by Internet Engineering Task Force.

In an embodiment according to the present invention, an SNMP agent may process electronic device and network component interfaces with a managed resource wherein the managed resource is adapted to respond to requests from an SNMP Manager and send tracking/event notifications.

In an embodiment according to the present invention, a Java 2 Enterprise Edition (J2EE) environment, developed by Sun Microsystems, may be adapted to provide a set of features for software/firmware developers, including object oriented messaging, web services, database access, and database management. J2EE application servers may also store applications written within the J2EE framework.

In an embodiment according to the present invention, Java Data-Base Connectivity (JDBC) may be defined as a J2EE application program interface (API) adapted to provide access to databases from a plurality of application vendors.

In an embodiment according to the present invention, an update package may be defined as a collection of data/meta-data and update/upgrade instructions that when bundled and delivered to an electronic device update agent are adapted to facilitate firmware/software updates in the electronic devices. The data/meta-data may include information associated with loading update(s)/upgrade(s) and verifying the contents of the update(s)/upgrade(s) and associated instructions. The update/upgrade instructions may comprise a set of executable instructions for converting from one version of electronic device firmware/software to another. The update/upgrade instructions may also comprise list of program changes facilitating migration from one version of electronic device firmware to another.

In an embodiment according to the present invention, a SNMP manager may be defined as software which may be installed in console form and may be usable to query managed objects from a SNMP agent.

In an embodiment according to the present invention, a management information base (MIB) may be defined as a component of a SNMP manager adapted to refer to collection(s) of managed objects residing in a virtual information store.

In an embodiment according to the present invention, a structure of management information (SMI) may be defined as a component of the SNMP manager adapted to refer to the programming structure being applied to describe and name software/firmware objects.

FIG. 1A is a block diagram of a network 105A for updating electronic devices, such as for example, mobile handset 107A. The electronic devices, such as for example, mobile handset 107A, may be communicatively coupled via a communications link 177A to a delivery server 127A that may be located in a wireless/carrier network. The delivery server 127A may also be communicatively coupled via communications link 167A to an update store 129A. The update store 129A may comprise a repository of update packages that may be generated by an update package generator 131A. The update store 129A may also communicative coupled via communications link 169A to the update package generator 131A.

The mobile handset 107A may comprise a non-volatile memory (NVM) 109A. The NVM 109A may comprise a boot loader 111A, an update agent 113A, a firmware 117A, an operating system (OS) 119A, one or more electronic device applications 121A, and an update package 123A. The update agent 113A may be adapted to update the firmware 117A, the operating system 119A, and/or the applications 121A of the mobile handset 107A employing an appropriate update package 123A.

The update agent 113A may employ a random access memory (RAM) 125A to update the firmware 117A, the OS 119A, and/or electronic device applications 121A. Updates may be conducted in a fault-tolerant manner by update agent 113A. The boot loader 111A may be executed during startup (or reboot) and may determine whether to execute the update agent 113A.

The determination of whether to execute the update agent 113A may be made by accessing status flags stored in the NVM 109A. If an update is to be conducted, the boot loader 111A may determine whether the update agent 113A is useable or corrupted. The determination of whether the update agent is corrupted or inoperable may be made based on computing a cyclic redundancy check (CRC) or a checksum and comparing the calculated values to expected (previously computed) reference values.

During an update of the update agent 113A, for example, if the update is interrupted, then the update agent 113A may be partially updated and hence corrupted. To prevent and/or avoid such a problem, a backup copy of the update agent 113A may be created, stored, and maintained in NVM 109 prior to conducting an update. If, during a subsequent reboot or startup, it is determined that the update agent 113A is corrupted, the backup copy of the update agent 113A may be invoked by the boot loader to conduct the update.

The boot loader 111A may be capable of determining whether the update agent 113A may be invoked or whether a backup copy of the update agent 113A in NVM 109A may be invoked upon determining, based upon evaluated status information, that an update may be conducted rather than a normal startup without performing an update.

A handoff agent 199A in the mobile handset 107A may facilitate setting of status information and addresses after an update package is downloaded to the mobile handset 107A from the delivery server 127A. A download agent 188A may facilitate the downloading of update packages to the electronic devices, for example, mobile handset 107.

In an embodiment according to the present invention, a plurality of delivery servers, such as for example, delivery server 127A, may be employed. A gateway (not shown) may also be employed. The gateway may act as a generic front-end to the plurality of delivery servers, such as for example, delivery server 127A, to provide a load balancing solution for such an update package delivery environment. Multiple update package generators 131A may also be supported. One or more update package generators may be located at a remote facility, such as for example, a manufacturers design and testing laboratory. The ability to transfer a collection of generated update packages, in some form of an update package catalog, from multiple remote manufacturing facilities or from remote laboratories may also be supported by the network 105A in an embodiment according to the present invention.

Typically, the life cycle of individual update packages may be managed in the network 105A by employing a management console supported by the update store 129A, or by some other appropriate system in the network 105A. In addition, a customer care interface to the update store 129A may also be provided in an embodiment according to the present invention to enable secure browsing, and discovery and manipulation of update package status by customer care representatives, for example.

FIG. 1B is a block diagram illustrating an exemplary network for lifecycle management of firmware and software applications in electronic devices according to an embodiment of the present invention. FIG. 1B illustrates an exemplary electronic device network 105B comprising a carrier network 107B communicatively coupled to an electronic device 109B via communication link 117B. Although a single electronic device 109B is illustrated in FIG. 1B, a plurality of electronic devices may be communicatively coupled to the carrier network 107B. Electronic device 109B, for example, may comprise a mobile handset, a cellular telephone, a personal digital assistant, a pager, a personal computer, etc. The communication link 117 B may be via a wire or wirelessly. The carrier network 107B may comprise a diagnostics server 121B, a provisioning/billing server 115B, a delivery server 113B, an update store server 111B, and a device lifecycle management server 119B.

The diagnostics server 121B may be used to collect and analyze diagnostic information. The delivery server 113B may be adapted to dispense update packages to electronic device 109B. The update store server 111B may be used as a repository of update packages, associated update package files, and a database comprising a plurality of logs storing lifecycle management information associated with stored update packages.

In an embodiment according to the present invention, an update package may comprise, for example, a set of executable instructions for converting/updating/upgrading a firmware/software embedded in an electronic device. The network 105B, as illustrated in FIG. 1B, may also manage a plurality of configuration parameters associated with firmware/software executed in the electronic device 109B and dispense update packages to the electronic device 109B. Electronic device 109B may employ one or more update agent(s) 125B managing updates of software/firmware therein.

As illustrated in FIG. 1B, electronic device 109B may also comprise a download agent/loaders component 137B, a Java virtual machine (JVM) 141B, a browser/application component 131B, a security module 145B, a component management module 143B, and a diagnostics client module 147B. The download agent/loaders component 137B may be adapted to download firmware/software updates, configuration parameters, etc. The security module 145B may be adapted to store and manage security information corresponding to various segments of non-volatile memory in the electronic device 109B. The security module 145B may also be capable of supporting access to various other applications of the electronic device 109B. The security module 145B may also support encryption/decryption and management of usernames and passwords in the electronic device 109B.

In an embodiment according to the present invention, the component management module 143B may be adapted to manage existing firmware/software components and additional new software components installed upon the electronic device 109B. The component management module 143B may be adapted to facilitate license management, installation, update, upgrade, and removal of software components, software applications, etc. The component management module 143B may also be adapted to employ device characteristics module 129B and authentication unit 133B during software component retrieval and/or associated update package retrieval from the carrier network 107B. In an embodiment according to the present invention, authentication unit 133B may support at least one authentication technique.

In an embodiment according to the present invention, download agent/loaders component 137B may retrieve information such as, for example, update packages, configuration parameters, and user data from servers in the carrier network 107B. Browser/applications component 131B may also be adapted to download data and/or software components, etc. from the plurality of servers in the carrier network 107B. In an embodiment according to the present invention, download agent/loaders component 137B may be adapted to upload data, and backup software and diagnostic information collected by the diagnostics client 147B, etc.

In an embodiment according to the present invention, update agent(s) 125B may be adapted to replace JVM 141B by performing the functions associated with JVM 141B. In another embodiment according to the present invention, update agent(s) 125B may also be adapted to update JVM 141B from one version to another.

The diagnostics client 147B, in an embodiment according to the present invention, may be adapted to collect electronic device and electronic device component performance-related data/information by monitoring, tracking and evaluating events in the electronic device 109B. Performance-related data/information may comprise performance of radio frequency (RF) communications, performance of baseband communications, software application(s) performance, error statistics, exceptions, frequency of errors and exceptions, etc. In an embodiment according to the present invention, diagnostics client 147B may also be adapted to monitor electronic device events and report/communicate the events and corresponding event frequency to the carrier network 107B.

In an embodiment according to the present invention, the diagnostic client 147B may also be adapted to collect and communicate configuration parameters to an appropriate server in the carrier network 107B, which may, for example, be diagnostic server 121B or delivery server 111B. Collecting configuration parameters may be initiated via an appropriate request from a server in the carrier network 107B, such as diagnostic server 121B or delivery server 113B. Collecting configuration parameters may also be initiated by the diagnostics client 147B and/or download agent/loaders component 137B in the electronic device, for example.

In an embodiment according to the present invention, the diagnostic client 147B may collect and communicate information on errors, exceptions, and problems in the electronic device 109B to carrier network servers, such as for example, diagnostics server 121B, device lifecycle management server 119B, delivery server 113B, etc., for processing and determinative evaluation.

In an embodiment according to the present invention, the update agent(s) 125B and the firmware update agent 127B may be adapted to employ block-by-block update techniques when updating firmware/software in a fault-tolerant mode in the electronic device 109B.

Device lifecycle management server 119B, in an embodiment according to the present invention, may be adapted to manage and configure the capabilities of the carrier network 107B and the electronic device 109B communicating therewith. The device lifecycle management server 119B may retrieve electronic device information, initiate transfer of update packages from update store server 111B, retrieve changed configuration parameters, changed provisioning protocols, changed billing information, etc., from the provisioning and billing server 115B in the carrier network 107B, for example.

In an embodiment according to the present invention, retrieved capability information may comprise numbers or codes identifying capability parameters of the electronic device 109B. In an embodiment according to the present invention, retrieved capability information may also comprise lists of services subscribed to by an end-user of the electronic device 109B. In an embodiment according to the present invention, retrieved electronic device information may also comprise the amount of available memory, power level, signal strength, etc., associated with the electronic device.

The offline functionality of the electronic device 109B is an important consideration because wireless services are often narrowband and subject to fading and congestion. To support offline use of the electronic device 109B, end-users may choose to back up and remotely erase data stored on the electronic device 109B, for example, if the electronic device 109B is lost, stolen, or misplaced.

In an embodiment according to the present invention, download agent/loaders component 137B may be adapted to upload end-user data and/or end-user content stored on the electronic device 109B to at least one of the plurality of servers in the carrier network 107B for backup and/or safe keeping. The uploaded data/information may be uploaded to the device lifecycle management server 119B, for example. The uploaded data/information may subsequently be downloaded/loaded into the electronic device 109B from device lifecycle management server 119B during a recovery of the electronic device.

In an embodiment according to the present invention, update agent(s) 125B may be adapted to remotely erase end-user data/information stored in the electronic device 109B when the electronic device 109B is lost, stolen, or misplaced.

In an embodiment according to the present invention, security module 145B may be adapted to disable the electronic device 109B upon command from at least one of the servers in carrier network 107B such as, for example, the provisioning/billing server 115B. Security module 145B may subsequently enable use of the electronic device 109B, if the end-user provides valid responses to security prompts and challenges presented by security module 145B.

In an embodiment according to the present invention, electronic device 109B may be remotely locked by at least one of the servers in the carrier network 107B when, for example, the provisioning/billing server 115B determines that payment for services is overdue, or when the device lifecycle management server 119B determines that the electronic device 109B may not be used on the carrier network 107B until updated to a different configuration or different version of firmware.

The electronic device 109B may be adapted to compress data/information in order to back-up data/information incrementally at the device lifecycle management server 119B or diagnostics server 121B. The data/information stored on the electronic device 109B may not be transferable all at once when a backup is undertaken and may be transferred in a plurality of data packets or files.

In an embodiment according to the present invention, the device lifecycle management server 119B may be adapted to maintain a software inventory of software components available in the electronic device 109B. The software inventory may be maintained at provisioning/billing server 115B. The device lifecycle management server 119B may be adapted to access the software inventory information.

The provisioning/billing server 115B may be adapted to initiate provisioning of new software applications and end-user services in the electronic device 109B. Provisioning may be facilitated by delivery server 113B, while downloading of configuration parameters and software/firmware may be facilitated by download agent/loaders component 137B. Updating firmware components may be facilitated by firmware update agent 123B and updating software components may be facilitated by update agent(s) 125B.

In an embodiment according to the present invention, updating operating system components may also be facilitated by a first update agent 125B, and a second or the first update agent 125B may facilitate updating software application components.

In an embodiment according to the present invention, the backed-up information stored on the electronic device 109B may be accessible by download agent/loaders component 137B and/or browser/application component 131B.

In an embodiment according to the present invention, locking electronic device 109B, for instances when the electronic device is lost or stolen, may be accomplished by erasing data/information (e.g., user's personal data located in an end-user data segment of the electronic device) and/or by disabling an end-user interface.

In an embodiment according to the present invention, initiation and management of routine and/or critical software/firmware maintenance in electronic device 109B may be conducted by diagnostics client 147B and/or component management module 143B.

In an embodiment according to the present invention, electronic device 109B may be a mobile handset capable of operating in a wireless carrier network 107B. The mobile handset may comprise firmware 123B and a firmware update agent 127B for updating the firmware 123B, an update agent 125B for updating software components such as, for example, JVM 141B, and additional update agent(s) 125B for updating operating system components, for example.

In an embodiment according to the present invention, delivery server 113B and update store server 111B may be located in a network server component. In an embodiment according to the present invention, functionality of update store server 111B and device lifecycle management server 119B may also be combined in one network server component. Other combinations of network server-side functionality within carrier network 107B are also contemplated.

The wireless electronic device network 105B may also be capable of managing configuration parameters in a plurality of electronic devices such as, for example, electronic device 109B. In an embodiment according to the present invention, firmware/software lifecycle management, for example, may be provided by the wireless electronic device network 105B. Firmware/software lifecycle management may comprise, for example, firmware and software downloading, firmware and software updating, associated update file uploading and downloading, remote locking and enabling of the electronic device 109B capability, etc. Update store server 111B in the wireless electronic device network 105 may be adapted to dispense update packages to the electronic device 109B. The electronic device 109B may employ update agent(s) 125B to update software and a firmware update agent 127B to update firmware 123B.

In an embodiment according to the present invention, electronic device 109B may comprise, for example, a mobile handset, such as, a cellular phone. The cellular phone may be adapted to update firmware and software components embedded therein. The cellular phone may also be adapted to perform diagnostic operations and communicate diagnostic information to carrier network 107B for collection of diagnostic statistics in diagnostics server 121B. Diagnostics communications may be evaluated in the carrier network 107B to determine appropriate update packages for installation in the cellular phone to fix bugs, change device configuration, and improve device performance.

FIG. 2 is a block diagram illustrating an exemplary wireless carrier network 205 facilitating lifecycle management of firmware and software in electronic devices according to an embodiment of the present invention. The wireless carrier network 205 may be adapted to facilitate lifecycle management of firmware and software in electronic devices by employing light-weight service integration layers 211, 215 in delivery server 213 and update store server 217, respectively. The lightweight service integration layers 211, 215 may be adapted to integrate different service features providing lifecycle management services.

In an embodiment according to the present invention, the light-weight service integration layers 211, 215 may provide simple object access protocol (SOAP) and extensible markup language (XML)-based connectivity to the service features (service interface) supported by the device lifecycle management server 219, the diagnostics server 221, the provisioning/billing server 223, and the customer care server 225. The light-weight service integration layers 211, 215 may provide an XML and hypertext transfer protocol (http)-based interface to functions or commands provided by the device lifecycle management server 219, the diagnostics server 221, the provisioning/billing server 223, and the customer care server 225.

In an embodiment according to the present invention, specific functions and/or commands provided by, for example, the delivery server 213 or the update store server 217 may be translated into a sequence of interactions (SOAP or http-based). These interactions may be with one or more additional servers such as, for example, device lifecycle management server 219, the diagnostics server 221, the provisioning/billing server 223, and the customer care server 225.

An update management system for electronic devices in an electronic device network, according to an embodiment of the present invention, may comprise an update store server 217. The update store server 217 may be adapted to store, manage, and distribute user-defined-rules, update packages, and associated update package files. The update store server 217 may be managed via a user friendly, web-based interface through a management console module. In addition to update package management related tasks, the update store server 217 may be adapted to facilitate user management, transition logging, audit logging, system logging, and system administration features in a carrier network server component, as illustrated in FIG. 2. The update store server 217 may also be a part of the update management system. The locations of where the modules may logically be deployed are illustrated in FIG. 3, as described below. For example, a plurality of update store modules may reside in a J2EE application server in a single computer, or the modules may be deployed in hardware of a respective electronic device.

Aspects of the present invention may be found in an update store adapted for use with an update package generator in an electronic device network. The update store may also be associated with an update management system.

Aspects of the present invention may also be found in an update store module associated with an update management system. The update store module may be adapted to store, manage (via user-defined-rules), and distribute update packages to a plurality of electronic devices associated with an electronic device network. The update store module may be managed via a user-friendly, web-based interface through a management console module. The update store may also be capable of facilitating user management, logging/auditing, and system administration features in a plurality of carrier network server components.

A version is an identification attached to a firmware/software image. The identification may be alphabetical, numeric, and/or descriptive in some other way.

An SNMP agent may comprise processes facilitating interfaces between electronic devices and the network. The SNMP agent may be adapted to respond to requests from an SNMP manager and send event notifications, for example.

The Java 2 Enterprise Edition (J2EE) environment may provide a rich set of features for software developers, including object oriented messaging, web services, database access and management. J2EE application servers may also provide a container for applications written within the J2EE framework.

Java Data-Base Connectivity (JDBC) may comprise a J2EE application program interface (API) adapted to provide consistent access to databases from various vendors.

An SNMP manager may comprise a console that an end-user may use to query managed objects from the SNMP agent.

A management information base (MIB) may comprise a collection of managed objects residing in a virtual information store. The MIB may also be part of the SNMP manager.

The structure of management information (SMI) may also be a part of the SNMP manager and may comprise a structure used for describing and naming objects.

FIG. 3 is a block diagram illustrating an exemplary server deployment system 305 according to an embodiment of the present invention. FIG. 3 illustrates where the system modules may logically be deployed. A plurality of update store modules, for example, update store module 317, may reside in a J2EE (container) application server in a single computer, or the update store modules may be deployed in the hardware of a respective electronic device.

The update store module 317 may comprise an administration module 373, a network management module 371, a lifecycle management module 375, an audit logging module 377, and an object store module 379. The update store module 317 may use the simple object access protocol 1.1(SOAP 1.1) 388 to interface with other system components. Additionally, the update store module 317 may also follow the SNMP standards 341 for system management of configurations and alarms, and for interfacing with additional system components.

FIG. 3 also illustrates an exemplary configuration where modules may be logically deployed according to an embodiment of the present invention. The modules may be in the same J2EE application server in one computer, or may be deployed in a corresponding hardware device.

The update store module 317 may be implemented using the Java 2 Enterprise Edition (J2EE) and/or other server-side frameworks, such as for example:

Apache Jakarta Project such as Struts, and log4J debugging tools, and other Apache Projects such as Xerces, Xalan, and Ant; and other frameworks such as Java document object model (JDOM), a Java-based solution for accessing, manipulating and outputting extensible markup language (XML), and generic language universal environment (GLUE).

The update store module 317 may be extensible through interfaces by leveraging server-side application frameworks. Additionally, services provided by the update store module 317 may apply industry standard interfaces to maximize the ease of integration into/between existing systems and third-party systems. The update store module 317 may also support the SOAP 1.1 protocol 388 as a remote procedure call interface for public system services.

A management console module 350 comprising a management console 353 may manage the user interfaces to the update store module 317. The management console module 350 may also comprise a remote logger 355 for monitoring and logging electronic device activity and network activity.

The update management system 305 may be scalable in order to support hundreds to thousands or millions of electronic devices, such as mobile device 309, for example. In a high-volume production environment, delivery modules, such as delivery module 360, may be adapted to be session-clustered to handle update package requests and responses from the numerous electronic devices, such as, mobile device 309. Behind the plurality of delivery modules, such as delivery module 360, there may be another cluster of update store modules, such as, update store module 317. By using J2EE containers and network load balancing solutions, both the delivery module 360 and the update store module 317, or clusters thereof, may be adapted to provide both fault-tolerant operation modes and scalable performance.

The update store module 317 may offer a plurality of security mechanisms to protect electronic device components and leverage the application servers' runtime security policies. The update store module 317 may also support basic authentication and encryption passwords.

For example, the management console 353, a component of management console module 350, may require a valid pair of a username and a password to access a particular application. Definition and management of usernames and passwords may be managed through management console 353. The only interface that may involve further access control is the update store 317. The customer may be expected to setup a lightweight directory access protocol (LDAP) repository that will control access to the update store 317. This access control may apply to users of the management console 353, users of the update generator 307 when attempting to communicate with the Application Server, and anyone that directly accesses the update store 317. The update store 317 may comprise a license key that may be used during software/firmware installation. The installing server device may also require a valid license key before installation can take place.

To secure a channel, the update generator 307 deployed in a workstation 303 or other network device and/or browser(s) 308 may be adapted to use a secure socket layer (SSL) to encrypt server communication. The SSL protocol may provide verification of the update store module (317) server identity and integrity of exchanged conversations from modification and interception. The workstation 303 and/or browsers 308 may be adapted to communicate with the management console module 350, and the rest of the electronic device network 305 via hypertext transfer protocol(s) (http) 311. http is the protocol used for moving hypertext files across the Internet. http requires an http client program on one end and an http server program on the other end of a communication link.

Similarly, SSL may be used for communications between a delivery module 360, or cluster thereof, and the update store module 317, or cluster thereof. The delivery module 360 may comprise a request handler module 363, a protocol handler module 365, an update formatter module 367, a remote logger module 369, and a cache manager module 368. Additional security mechanisms may also be applied by a networking layer's router or firewall to restrict access to the update store module(s) 317 to a fixed, known, and/or predetermined list of respective delivery module(s) 360.

SSL or other networking security, including a virtual private network (VPN), may be used to ensure valid access to the update store module(s) 317 from third-party delivery/device management servers.

With a distributed solution, the update store module 317 may act as a content server component together with a 3rd party device management solution.

FIG. 4 is data flow diagram illustrating an exemplary commercial deployment method 405 for a distributed electronic device network solution according to an embodiment of the present invention. According to an embodiment of the present invention, a partner customer care console (PCCC) 491 may be adapted to send an update notification (4-1) to a partner device management server (PDMS) 490. The PDMS 490 may be adapted to push the update notification (4-2) to the partner device management (DM) agent/firmware management (FM) client (PDM/FM) 493. The PDM/FM 493 may be adapted to respond by sending electronic device profile information and end-user subscriber information (4-3) to the PDMS 490. The PDMS 490 may be adapted to request update package information (4-4) from the update store module 417. The update store module 417 may be adapted to respond to the information request by returning/transmitting the requested update package information (4-5) to the PDMS 490.

The PDMS 490 may be adapted to transmit the update package information (4-6) to the PDM/FM 493 wherein the PDM/FM 493 may be adapted to transmit a confirmation of the update package requested (4-7) associated with the transmitted update package information to the PDMS 490. The PDMS 490 may be adapted to transmit the universal resource locator (URL) (i.e., server location) of the update package (4-8) to the PDM/FM 493.

The PDM/FM 493 may transmit the electronic device profile information (4-9) to the delivery module 460. The delivery module 460 may request the update package (4-10) from the update store module 417, wherein the update store module 417 may respond by transmitting the update package (4-11) to the delivery module 460. The delivery module 460 may download the requested update package (4-12) to the PDM/FM 493.

The PDM/FM 493 may transmit the update package (4-13) whole or in parts to the update agent 425, wherein the update agent 425 may facilitate and perform the update/upgrade (4-14) on the electronic device'(s) software/firmware. The update agent 425 may respond by transmitting confirmation of update package completion (4-15) to the PDM/FM 493. The PDM/FM 493 may transmit a confirmation that the update is complete (4-16) to the PDMS 490.

Exemplary functions of the update store module 417 may comprise responding to update package information requests using an update package descriptor file (not shown); responding to update package information requests coming from delivery module 460 with an update package; auditing a trail/log consolidator for all of the plurality of delivery module(s) 460; and centralizing management via a management console of a cluster of electronic device components.

Exemplary functions of the delivery module 460 may comprise scalable deployment via a plurality of delivery module(s) 460 to manage large numbers of update package information requests from a plurality of mobile electronic device clients; retrieving requested update packages from a cache or the update store module 417, and delivering update packages to the plurality of client' electronic devices using the appropriate corresponding protocol and data format.

The embedded solution may be different from the distributed solution because the delivery module 460 may be embedded in the 3rd party device management/delivery server solution.

FIG. 5 is a data flow diagram illustrating an exemplary commercial deployment method 505 of an embedded electronic device firmware/software update solution according to an embodiment of the present invention. According to an embodiment of the present invention, a partner customer care console (PCCC) 591 may be adapted to send an update notification (5-1) to a partner device management server (PDMS) 590. The PDMS 590 may be adapted to push the update notification (5-2) to the partner DM agent/FM client (PDM/FM) 593. The PDM/FM 593 may be adapted to respond with electronic device profile information and end-user subscriber information (5-3) to a delivery module 560 embedded in the PDMS 590. The PDMS 590 may be adapted to request update package information (5-4) from the update store module 517. The update store module 517 may be adapted to respond to the information request by returning/transmitting the requested update package information (5-5) to the PDMS 590.

The delivery module 560 embedded in the PDMS 590 may be adapted to transmit the update package information (5-6) to the PDM/FM 593, wherein the PDM/FM 593 may be adapted to transmit a confirmation of the update package requested (5-7) associated with the transmitted update package information to the delivery module 560 embedded in the PDMS 590. The PDMS 590 may request the update package (5-8) from the update store module 517, wherein the update store module 517 may respond by transmitting the update package (5-9) to the PDMS 590. The delivery module 560 embedded in the PDMS 590 may download the requested update package (5-10) to the PDM/FM 593.

The PDM/FM 593 may transmit the update package (5-11) in whole or in parts to the update agent 525, wherein the update agent 525 may facilitate and perform the update/upgrade (5-12) on the electronic device'(s) software/firmware. The update agent 525 may respond by transmitting confirmation of update package completion (5-13) to the PDM/FM 593. The PDM/FM 593 may transmit a confirmation that the update is complete (5-14) to the PDMS 590.

Exemplary functions of the update store module 517 may comprise responding to a plurality of update package information requests using an update package descriptor file; respond to update package requests; and centralize management via a management console for a cluster of update store module(s) 517.

Functions of the 3rd party device management server, for example, PDMS 590, may comprise:

handling large numbers of update package requests from a plurality of mobile electronic device clients;

retrieving requested update packages from a cache or the update store module(s) 517;

delivering update package using the appropriate protocol and data format to the plurality of client electronic devices; and

tracking successful update notifications.

FIG. 6 is a block diagram 605 illustrating a plurality of exemplary update store module 617 components that may correspond, for example, to the update store module 517 illustrated in FIG. 5, according to an embodiment of the present invention.

In order to meet the extensibility needs for the update store module 617, the update store module 617 may be designed to be modular. The update store module 617 according to an embodiment of the present invention may comprise at least the following software components:

a service handler module 664;

simple object access protocol (SOAP) communication layer 688, that may correspond, for example, to the SOAP communication layer 388 illustrated in FIG. 3, to handle service requests from a management console, a delivery module, and/or a 3rd Party software;

a lifecycle management module 675 for managing the lifecycle of update packages including subscriber groups;

The update store module 617 may also have one or a plurality of associated data storage memory device(s) 666, either externally or internally configured therewith.

FIG. 7 is a block diagram 705 illustrating an exemplary management console module 750, that may correspond, for example, to the management console module 350 illustrated in FIG. 3, according to an embodiment of the present invention. The management console module 750 may comprise a remote logger module 755, a SOAP requester module 731, an html renderer module 733, an upload renderer module 735 and a structs_jsf module 737.

Administrative tasks undertaken during daily operation of the update management system, such as for example, the update management system illustrated in FIG. 3 may be done via hypertext markup language (HTML) pages using a web browser with or without secure socket layer (SSL) (56 or 128-bits) encryption. The HTML pages may minimize use of proprietary extensions or tags to ensure compatibility with older browser versions or different browser software.

The management console module 750 may be adapted to communicate with a plurality of browsers 708 and a plurality of workstations 703. Each of the workstations 703 may comprise an update package generator 707. The browsers 708 and the workstations 703 may communicate with the management console module 750 via hypertext transfer protocol(s) (http/https) 711. https is the secure version of http. http is the protocol used for moving hypertext files across the Internet, for example. http ordinarily requires an http client program on one end and an http server program on the other end of a communication link. The management console module 750 may be a web application running in a servlet container.

FIG. 8 is a block diagram 805 illustrating an exemplary management site structure 870 for a user-friendly customer/end-user interface in an electronic device network according to an embodiment of the present invention. The site structure 870 may comprise a login screen 871 where a user name and password may be entered permitting access to the rest of the site. The site structure 870 may also comprise a main page/menu screen 872. The main page/menu screen 872 may provide a portal to a plurality of other information screens such as, for example, an update package management screen 873, a system administration screen, 874, an administration account management screen 875, an alarms screen 876, and an activity log screen 877. The above screens are exemplary and additional and other screens may be provided.

FIG. 9 is a block diagram 905 illustrating an exemplary update package, electronic device, manufacturer, and carrier hierarchy 901 for an electronic device network according to an embodiment of the present invention. Update packages, such as update packages 911-922, as illustrated in FIG. 9, may be stored in a hierarchical structure based upon an electronic device model and manufacturer update package-storing schema. FIG. 9 illustrates one way that an update store, such as for example, update store 317 illustrated in FIG. 3, may be organized in an embodiment according to the present invention. In FIG. 9, the carrier electronic device network 902 may also own the update environment.

In an embodiment according to the present invention, the carrier electronic device network 902 may comprise the top rung of the hierarchy 901, and a plurality of different carriers may be adapted to apply a similar hierarchy.

Below the carrier electronic device network 902, a plurality of manufacturers, such as for example, manufacturers 1 and 2903 may be organized. In FIG. 9, manufacturer 1 and manufacturer 2 are illustrated, for example. Although only two electronic device manufacturers 903 are shown in FIG. 9, the update package hierarchical structure may comprise a plurality of electronic device manufacturers 903. Below the respective device manufacturers 903, the respective device models 904-907 are illustrated. For example, under manufacturer 1, there are illustrated in FIG. 9, device model A 904 and device model B 905 and under manufacturer 2, there are illustrated, device model A 906 and device model B 907. Again, although only two electronic device models are illustrated for each respective electronic device manufacturer 903 in FIG. 9, the update package hierarchical structure may comprise a plurality of device models for each respective electronic device manufacturer.

Each device model may be associated with a particular collection of update packages. For example, as illustrated in FIG. 9, under model A 904 (manufacturer 1) update packages 1-3 (911-913) are illustrated, under device model B 905 (manufacturer 1) update packages 1-3 (914-916) are illustrated, under model A 906 (manufacturer 2) update packages 1-3 (917-919) are illustrated, and under device model B 907 (manufacturer 2) update packages 1-3 (920-922) are illustrated. Again, although only three update packages for each respective device model are shown in FIG. 9, a plurality of update packages may comprise the update package hierarchical structure.

FIG. 10 is an illustration of an exemplary management console login screen 1000 according to an embodiment of the present invention. Authentication to an update store module, such as for example, update store 129A illustrated in FIG. 1A, may be managed through a management console login function 1001. When a user first accesses the management console 1001, or whenever a timeout period has been reached, the user may be directed to the login page 1000 and the login process.

The login screen 1000 may comprise an administrator login window 1004 for administrator login 1015 comprising the following prompts or entries: a username or a case sensitive username 1006, a password or a case sensitive password 1007, a set time zone function 1008 and a set time zone button 1018 adapted to provide a predefined list of selectable supported time zones, and a set language button 1044 adapted to provide a predefined list of selectable supported languages. The login screen 1000 may also comprise a submit button 1010 and a reset button 1009. The login screen 1000 may also comprise a title bar 1001, a navigational toolbar 1002, a maximize/minimize button 1020, a maximize screen/restore screen button 1021, and an exit program button 1022. The login screen 1000 may also comprise an Internet address entry toolbar 1003 and a task progress bar 1011.

Management of username(s) 1006 and password(s) 1007 may be carried out from an Administration/Admin Account screen. By default, installation of the update store module, such as for example, update sore module 129A illustrated in FIG. 1A, may create a system administrator initially having username “administrator” and password “administrator” (all typed in small letters). It should be noted that the update store module may also be integrated with generic lightweight directory access protocol (LDAP) servers (not shown) in an embodiment according to the present invention.

FIG. 11 is an illustration of an exemplary management console header frame 1100 according to an embodiment of the present invention. The management console header frame 1100 illustrated in FIG. 11 may be a component of each screen in the management console. In FIG. 11, the management console header frame 1100 is shown in the update package management mode 1166, for example. The management console header frame 1100 may have a tab-based structure. The header frame 1100 may comprise functions or applications divided into the following categories activated by tabs or buttons, for example, an update packages tab 1111 comprising update package management features; a lifecycle management tab 1121 comprising defining rules for lifecycle management; a users tab 1131 comprising user management features including user information, user access rights, and user download group management; and a logs tab 1141 comprising a logging management feature including transaction-logs, audit-logs, and system-logs.

In addition to the above mentioned tabs, the header may also include links for help 1151 to an HTML-based help system bundled into the management console, an about link 1161 linking to an about screen, and a logout link 1171 permitting users to log out.

The default screen for an end-user may be an update package management screen, such as for example, the screen illustrated in FIG. 12, below for example. The current user's name 1191 and the current date/time 1181 may be displayed in the management console header frame 1100 according to an embodiment of the present invention.

FIG. 12 is an illustration of an exemplary management console view manufacturers screen 1200 according to an embodiment of the present invention. The screen 1200 may comprise a program identification bar 1201 identifying which portion of the module the user is in. The screen 1200 may also comprise a management console header frame 1266 that may correspond, for example, to the management console header 1100 illustrated in FIG. 11. In the view manufacturers screen 1200, as illustrated in FIG. 12, a user may be enabled to select from a row of functions 1277 comprising manufacturers, add manufacturers, upload update package catalog, view deleted manufacturers, and search for manufacturers. The user may also select to refresh 1288 the screen 1200 to show new or modified information. The view manufacturers screen 1200 may comprise a plurality of manufacturers listed by name 1299. A plurality of options 1297 may be associated with each manufacturer name, such as for example, details, modify, and delete.

FIG. 13 illustrates time zone selection in an exemplary management console login screen 1300 according to an embodiment of the present invention. The screen 1300 may comprise a program identification bar 1301 identifying which portion of the module the user is in. During each login, the user may be prompted to select a time zone in which all times will be displayed in for that particular session. Using web cookies, the system may be adapted to remember the last setting used for a particular browser. The time zones that are selectable may be based on a list supported by the operating system.

The login screen 1300 may comprise an administrator login window 1304 for administrator login 1315 comprising the following functions: a username or a case sensitive username 1306, a password or a case sensitive password 1307, set time zone 1308 and a button 1318 adapted to provide a predefined list of selectable supported time zones, and a set language function button 1344 adapted to provide a predefined list of selectable supported languages. The screen may also comprise a submit button 1310 and a reset button 1309.

Time zone support may allow users to see all user interface timestamps in their respective time zone. Date and time data may be stored in the system in the format of universal coordinated time (UTC). An administrator may set the default time zone for the users. Each user may override the default setting and specify a preferred time zone be saved for subsequent system access.

TABLE 1

Supported Time Zones

Offset

to UTC

Time zone

−12

International Date Line West

−11

Midway Island, Samoa

−10

Hawaii

−9

Alaska

−8

Pacific Time (US & Canada); Tijuana

−7

Arizona

−7

Chihuahua, La Paz, Mazatlan

−7

Mountain Time (US & Canada)

−6

Central America

−6

Central Time (US & Canada)

−6

Guadalajara, Mexico City, Monterrey

−6

Saskatchewan

−5

Bogota, Lima, Quito

−5

Eastern Time (US & Canada)

−5

Indiana (East)

−4

Atlantic Time (Canada)

−4

Caracas, La Paz

−4

Santiago

−3.5

Newfoundland

−3

Brasilia

−3

Beunos Aires, Georgetown

−3

Greenland

−2

Mid-Atlantic

−1

Azores

−1

Cape Verde Is

0

Casablanca, Monrovia

0

Greenwich Mean Time, Dublin, Edinburgh, Lisbon, London

1

Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

1

Belgrade, Bratislava, Budapest, Ljublijana, Prague

1

Brussels, Copenhagen, Madrid, Paris

1

West Central Africa

2

Athens, Istanbul, Minsk

2

Bucharest

2

Cairo

2

Harare, Pretoria

2

Helsinki, Kyiv, Riga, Sofia, Talinn, Vilnius

2

Jerusalem

3

Baghdad

3

Kuwait, Riyadh

3

Moscow, St. Petersburg, Volgograd

3

Nairobi

3

Tehran

4

Abu Dhabi, Muscat

4

Baku, Tbilisi, Yerevan

4.5

Kabul

5

Islamabad, Karachi, Tashkent

5.5

Chennai, Kolkata, Mumbai, New Delhi

5.75

Kathmandu

6

Almaty, Novosibirsk

6

Astana, Dhaka

6

Sri Jayawardenepura

6.5

Rangoon

7

Bangkok, Hanoi, Jakarta

7

Krasnoyarsk

8

Beijing, Chongqing, Hong Kong, Urumqi

8

Irkutsk, Ulaan Bataar

8

Kuala Lumpur, Singapore

8

Perth

8

Taipei

9

Osaka, Sapporo, Tokyo

9

Seoul

9

Yakutsk

9.5

Adelaide

9.5

Darwin

10

Brisbane

10

Canberra, Melbourne, Sydney

10

Guam, Port Moresby

10

Hobart

10

Vladivostok

11

Magadan, Solomon Is., New Caledonia

12

Auckland, Wellington

12

Fiji, Kamchatka, Marshall Is.

13

Nuku'alofa

Table 1 illustrates an exemplary listing of supported time zones usable in an update store module according to an embodiment of the present invention.

FIG. 14 is an illustration of an exemplary view manufacturers management screen 1400 and management console header frame 1466 having a lifecycle management tab, such as for example, lifecycle management tab 1121 as illustrated in FIG. 11, selected in accordance with an embodiment of the invention. The user may be able to add a new electronic device manufacturer to the update store module if permitted by a defined user's role, for example, an administrative role.

The electronic device system may prompt the end-user for a unique name of the manufacturer, when a new manufacturer is being added, determine whether manufacturer information regarding the named manufacturer has already been entered or created, and determine whether to create a new manufacturer folder, if no previously created matching folder is located.

The end-user may also select to refresh 1488 the screen 1400 to show new or modified information. The view manufacturers screen 1400 may also comprise a plurality of manufacturers listed by name 1499, such as for example, manufacturer alpha, manufacturer beta, manufacturer gamma, and manufacturer delta. Although only four exemplary manufacturers are illustrated in FIG. 14, numerous additional manufacturers may also be listed and manipulated.

A plurality of options 1497 may also be associated with each manufacturer name, such as for example, details, modify, and delete. Although only the exemplary options, such as, for example, details, modify, and delete are illustrated in FIG. 14, numerous additional options may be listed and manipulated.

FIG. 15 is an illustration of an exemplary view deleted manufacturers screen 1500 and management console header 1566 according to an embodiment of the present invention. Deletion of an electronic device manufacturer entry/record may be permitted when the entry/record contains no associated client electronic devices. No client devices may be displayed when the electronic device network technology advances beyond the electronic device technology for a particular electronic device manufacturer, or when no continued license agreements exist between the electronic device network and the electronic device manufacturer. The actual manufacturer record represented by 1599 may or may not be removed from the database. Prior to the release of new electronic devices, unnecessary records may be marked as obsolete or deleted and may not be visible to non-administrative end-users.

In an embodiment according to the present invention, a screen may be displayed showing deleted manufacturers 1578, wherein an end-user may be permitted to undelete an electronic device manufacturer, if applicable. Once undeleted, the electronic device manufacturer record may show up in the view manufacturers screen 1500, i.e., the screen showing all active manufacturers. End-users endowed with appropriate (for example, read/write) privileges may also be able to add new client electronic devices to the electronic device manufacturer entry.

While engaging the view deleted manufacturers screen 1500, the end-user may be provided selections such as manufacturer 1577, and deleted manufacturers 1578. The end-user may also be able to refresh 1588 the screen when an entry has been changed, added or deleted. The screen 1500 may comprise a list of names of deleted manufacturers 1599, such as for example, alpha old and beta old, as illustrated in FIG. 15. Associated with each of the deleted manufacturers, an end-user may be provided with options 1507, such as for example, details and undelete.

FIG. 16 is an illustration of an exemplary modify client device screen 1600 and a management console header frame 1666 having the lifecycle management tab selected, such as for example, lifecycle management tab 1121 as illustrated in FIG. 11, according to an embodiment of the present invention. The end-user may be enabled to select from the following screen options: manufacturer 1677, manufacturer alpha 1678, for example, and modify client device 1697. The end-user may modify the manufacturer name 1621, display name 1620, and an update available message box 1622. By default, the display name 1621 may correspond to the manufacturer name 1620, as illustrated in FIG. 16. An end-user may change the display name 1620 to another name, if desired. Update package selection criteria may be based upon an original manufacturer name 1621, therefore, in some instances, a request for an update package may correspond accordingly. The modify client screen 1600 may also be provided with buttons, such as for example, save 1630, reset 1631, and cancel 1632.

FIG. 17 illustrates an exemplary view client devices screen 1700 and management console header frame 1766 having the lifecycle management tab selected, such as for example, lifecycle management tab 1121 as illustrated in FIG. 11, according to an embodiment of the present invention. The end-user may add a new client electronic device or view deleted client devices 1742 listed under a particular manufacturer name 1717 selected from a manufacturer selection 1777. The electronic device system may prompt the end-user for a name 1799 of the client electronic device, as illustrated in FIG. 17, check whether an entry for that particular model has already been created, and create a new entry if no corresponding entry is located. The end-user may also be provided with a plurality of options 1797, such as for example, details, modify, and delete.

FIG. 18 is a block diagram illustrating an exemplary view deleted client devices screen 1800 and management console header 1866, according to an embodiment of the present invention. The view deleted client devices screen 1800 may provide end-user options such as refresh 1888 and manufacturer selection 1877. An end-user endowed with appropriate (for example, read/write) privileges may be able to delete an existing client electronic device for which no corresponding update packages are being stored, exist, or are authorized. The system may be adapted to confirm the deletion via a super-administrator function, for example. The actual record corresponding to a deleted electronic/client device may not actually be removed from the database. Rather, the record corresponding to a deleted electronic/client device may be marked as deleted and may not be visible to any end-user other than an administrator of super-administrator, for example. The view deleted client device screen 1800 may show all of the deleted client electronic devices by name 1899, thus permitting an end-user to undelete the device information and see details corresponding to a deleted client electronic device 1897. Once undeleted, the client electronic device may again show up in a client device screen showing all active client electronic devices. End-users endowed with appropriate (for example, read/write) privileges may also add update packages to the electronic device entry.

FIG. 19 illustrates an exemplary modify client device screen 1900 and management console header frame 1966 having the lifecycle management tab selected, such as for example, lifecycle management tab 1121 as illustrated in FIG. 11, according to an embodiment of the present invention. The modify client device screen 1900 may provide an end-user option such as manufacturer selection 1977. The end-user may modify the client electronic device manufacturer name 1921, display name 1920, and maximum update package size (in Kbytes) 1922. By default, the display name 1920 may correspond to the client device name. The end-user may change the display name 1920 to another name, if desired. Update package selection criteria may be based upon an original client device name, and not the display name 1920. All requests for the update packages associated therewith may use a corresponding client device name. The end user may be enabled to select from the following screen options: manufacturer 1977, manufacturer alpha 1978, for example, and modify client device 1997. The modify client screen 1900 may also be provided with buttons such as for example, save 1930, reset 1931, and cancel 1932.

FIG. 20 illustrates an exemplary update package management screen 2000 and management console header frame 2066 having the update packages management tab selected, such as for example, update management tab 1111 as illustrated in FIG. 11, according to an embodiment of the present invention. The end user may be enabled to select from the following screen options: manufacturer 2077, manufacturer beta, for example, and update package NP V.666B. The end-user may add update packages under a particular client electronic device name, for example, manufacturer beta. The data format of the update package may comprise an update package catalog from an update generator. The electronic device system displayed in the screen 2000 may be adapted to verify whether the update package being added already exists in the system.

Using the update package management screen 2000, an end-user may access the following functions, for example: upload an update package catalog, the catalog comprising a list of update packages 2017 capable of and ready to be uploaded from an associated update store module, such as for example update store module 129A illustrated in FIG. 1A; delete update packages from the catalog, the catalog comprising a list of the deleted update packages that may be undeleted; and a search for update packages in the update package catalog, for example.

An update package management screen 2000, according to an embodiment of the present invention may, for example, comprise the following columns:

a source version column 2099 parsed from an update package catalog;

a target version column 2041 parsed from an update package catalog;

a size of update package column 2042 comprising the actual size of the update package, including update package metadata and security headers;

a state of the update package column 2043 comprising the current state of the update package;

a time that updating to memory takes column 2044 for each particular update package and an estimated time for firmware update processing on a mobile device using a particular update package;

a modified-on date column 2045 comprising the date of the last change to the update package and/or corresponding update package information; and

FIG. 21 illustrates an exemplary deleted update packages screen 2100 and a management console header frame 2166 having the update package management tab selected, according to an embodiment of the present invention. An end-user having appropriate (for example, read/write) privileges may delete an existing update package for a variety of reasons. An electronic device system in accordance with the present invention may confirm the deletion via a super administrator function. The end-user may be enabled to select from the following screen options: manufacturer 2177, manufacturer beta, for example, and update packages NP V.666B, and deleted update packages. The actual deleted record may be removed from the database. Rather, the deleted record may be marked as deleted and may be visible to an authorized end-user. The screen 2100 may show all deleted update packages 2117 permitting an authorized end-user to undelete a particular update package. Once undeleted, the update package may show up in the screen that shows all active update packages, such as for example, screen 2000 illustrated in FIG. 20, and end-users endowed with appropriate (for example, read/write) privileges may add update packages to the entry/record.

The update package management screen 2100 according to an embodiment of the present invention may comprise the following columns: a source version column 2199 parsed from the update package catalog; a target version column 2141 parsed from the update package catalog; a size column of update package column 2142 comprising the actual size of the update package, including update package metadata and security headers; a deleted-by column 2046 comprising the name of the end-user who deleted the update package; and a deleted-on date column 2145 comprising the date of deletion of the update package and/or corresponding update package information.

FIG. 22 illustrates an exemplary update package search screen 2200 and a management console header frame 2266, according to an embodiment of the present invention. The search criteria may comprise, for example, a manufacturer name 2220, a client electronic device name 2221, a source version 2222, and a target version 2223 of the update package being searched for. Entering the above-named search criteria into a plurality of search criteria prompt boxes may produce a list of update packages satisfying the entered criteria. The search screen 2200 may also be available from the first screen of the update package management set of screens, such as for example, screen 1200 illustrated in FIG. 12. The end-user may go back 2277 or search further 2278 for additional update packages. The search screen 2200 may also comprise a plurality of buttons, such as for example, save button 2230, reset button 2231, and cancel button 2232.

FIG. 23 illustrates an exemplary update package catalog upload screen 2300 and a management console header 2366, according to an embodiment of the present invention. An update package catalog (UPC) may be used to upload a set of update packages. The UPC may be an extensible markup language (XML) file containing binary update package images along with corresponding meta-data information, eliminating the need to specify meta-data manually. A single UPC file may contain multiple binary update package images for a particular manufacturer and corresponding client electronic devices.

An XML file may be uploaded, for example, if the corresponding manufacturer and client electronic device entries/records are present and exist on the receiving system at the time of upload. If the entries/records are not present, then the end-user may enter (add new manufacturer 2355) the manufacturer name and/or client electronic device name (add new client electronic device) and corresponding information, for example, before the upload commences. The upload screen 2300 may have links for conveniently entering manufacturer information, etc., and may provide a file location entry box 2320. Files may also be located via a browse function button 2357 and associated lookup screen.

Update package upload from an update generator, such as for example, update package generator 131A illustrated in FIG. 1A, may be implemented by opening an HTML-based upload screen 2300 directly from the update generator application, for example. From the upload screen 2300, the end user may be enabled to select the update package catalog to be uploaded 2378, or go back 2377, manage an update package parsing screen 2400, such as for example as illustrated in FIG. 24, below, upload 2331 the particular update packages to the update store module, such as for example, update store module 129A illustrated in FIG. 1A, and/or cancel the upload process 2332.

FIG. 24 illustrates an exemplary update package-parsing screen 2400 and a management console header frame 2466, according to an embodiment of the present invention. When a new update package is uploaded, the system may verify and validate the update package to ensure the integrity and validity of the update package before the update package is accepted by update store module, such as for example, update store module 129A illustrated in FIG. 1A.

By managing user roles, a system administrator may define a role for uploading only, e.g., if the end-user has the uploading role, the end-user may not access any other screens except the upload screen and the update package-parsing screen, for example.

The update package catalog from the management console application may be implemented as described above and the end-user may view parsed update packages 2477. Depending upon the end-user's access rights, one end-user may be presented with a completely different screen and program functionality from the management console that another end-user having different access rights may be presented with. After a physical file (update package, for example) is uploaded to the update store module, such as for example, update store module 129A illustrated in FIG. 1A, the update store module 129A may be adapted to parse the content and show the results to the end-user.

From the update package parsing screen 2400, the end-user may be able to select update packages to be uploaded to the electronic device system, including any additional information such as, for example, update time 2444 and update package description 2446 for each update package to be uploaded.

The update package-parsing screen 2400 may show all parsed update packages 2417 permitting an end-user to select a particular update package. Once selected, the update package may show up in the update package-parsing screen 2400 that shows all active update packages, and end-users endowed with appropriate (for example, read/write) privileges may be able to add update packages to the entry/record.

The update package parsing screen 2400, according to an embodiment of the present invention, may comprise the following columns: a source version column 2499 parsed from the update package catalog; a target version column 2441 parsed from the update package catalog; a size of update package column 2442 comprising the actual size of the update package, including update package metadata and security headers; an update time column 2444; a manufacturer name column 2445; an update package description column 2446; a corresponding client electronic device column 2448; an add button 2431; and a cancel button 2432.

FIG. 25 illustrates an exemplary update state definition screen 2500 and a management console header frame 2566 having the lifecycle management tab selected, according to an embodiment of the present invention. From the update state definition screen 2500, an end-user may be able to modify the update package states. By managing update package states, an end-user may define the lifecycle workflow for update packages in the electronic device update system. Rule-based workflow coordinates and enforces which update package may be selected, who may be permitted to download the update package, and the next state of transition for each update package.

From the state definition screen 2500, (i.e., having the state definition tab selected), an end-user may modify the update package states. From the lifecycle current configuration sub-screen 2582, an end-user may create and manage update package states for lifecycle current configuration(s) for the update store modules, such as for example, update store module 129A illustrated in FIG. 1A. From the lifecycle current configuration sub-screen 2582, an end-user may also set the following items. The end-user may be enabled to set the priority 2583 of the state 2584. Given the current lifecycle configuration, for any update package request resolved to more than one downloadable update package, the high priority (e.g., #1 being the highest) state may be selected as the update package for download. The end-user may also set the state 2584. The state 2584 may comprise the name of the state and the state name may be unique 2584.

The end-user may also set a check box 2585 to indicate that a particular update package is downloadable, for example. When the update package has the check box in the downloadable column 2585 selected, the end-user may specify a download group 2586 for the particular entry. The downloadable parameter 2585 may also be used for the lifecycle management of update packages. Downloading update package may be built upon the following restrictions, for example. There may be one source version per downloadable state. There may be multiple downloadable states provided that the downloadable states are different from each other. If the entered update selection criteria illustrated in FIG. 22, for example, retrieves more than one update package, the priority 2583 of the state may be used to identify the unique update package to retrieve.

The end-user may also set the download group 2586. If the downloadable parameter checkbox (column 2585) is not selected, the download group list box 2586 may be grayed out and may not be selectable. There may be only one state having the “group all” download group selected.

The end-user may also be able to delete a state 2591, modify a state 2592, add a new state 2593, apply an advanced state transitions rule 2594, and save update package information 2595, for example, via a plurality of buttons on the current screen 2500. The end-user may also be enabled to select a state definition sub-screen 2581 and a state transition sub-screen 2580 by selecting the appropriate tabs.

FIG. 26 illustrates an exemplary lifecycle management screen 2600 and a management console header frame 2666 having the state transition tab selected, such as for example, state transition tab 2680 according to an embodiment of the present invention. From the lifecycle management screen 2600, an end-user may be enabled to manage rules providing implementation of transitional states from any state to another. The end-user may also specify which states are the conflict resolution state 2692 and the deletion resolution state 2693. The end-user may also be enabled to select a state management button 2694 and save modifications via a save button 2695.

By default, when an end-user creates a new state, all state transitions (for example, 2684, 2685, 2686, 2687, 2688, and 2689) are unchecked. The end-user may define transitional rules before a new state is used in lifecycle management functions.

Two special states may be specified for the system. The first special state may be a conflict resolution state 2692. Update packages may be set to the conflict resolution state 2692 of the update store module under at least the following conditions. For example, due to update package management, whenever a new downloadable update package enters the system, any previously downloadable update package having the same source version may have its state changed to the conflict resolution state 2692. If there are multiple update package conflicts, all of the update packages may be changed to the conflict resolution state 2692. The rule may also be applicable to all downloadable update packages, wherein the downloadable update packages may be changed to indicate that the update packages no longer downloadable, for example.

The second special state may be a deletion resolution state 2693. When an update package indicated as being non-downloadable is to be deleted from the system, all update packages to be deleted may be indicated as such in a deletion resolution state indicator 2693, for example. An update package indicated as being downloadable may not be deleted, for example.

The update store module, such as for example, update store module 129A illustrated in FIG. 1A, may support the following lifecycle management rules. A client server, such as for example, client servers 493, 593 illustrated in FIGS. 4 and 5, may send an additional parameter in an update package request. The client server, such as 493 and 593 for example, may process the request by applying the following rules.

For example, in a default state no additional parameter may be sent. The server may only look for downloadable update packages for the downloadable group selected, permitting fast retrieval for a majority of the client server requests.

Alternatively, the update package may be sent with a parameter. The client server, such as 493 and 593 for example, may look first for any downloadable update packages in which the client server is a part of the downloadable group. In case of multiple matching update packages, then the downloadable update package having the highest priority of state may be used to identify a unique update package to retrieve. There may be only one state having “group all” download group. There may be only one source version per downloadable state. There may be multiple downloadable states for the same source version as long as the states are all different from one another. If the update selection criteria employed retrieves more than one update package, the priority of the retrieved update packages may be used to identify the unique update package to be retrieved. An end-user may not delete the state if the download group “group all” is assigned.

The conflict resolution state 2692 and the deletion resolution state 2693 may be defined using non-downloadable state indicators. The non-downloadable states assigned to the two special states may not be deleted. When the state having multiple update packages and the same source version are changed to the “downloadable state”, all of the update packages having the same source versions may also be changed to the state defined as the conflict resolution state 2692. When a state is deleted, all the states having the deleted state may be changed to the state defined the deletion resolution state 2693. A deleted state may not be downloadable.

From the lifecycle management screen 2600, an end-user may be able to modify the update package states. From the lifecycle current configuration sub-screen 2682, an end-user may be enabled to create and manage update package states for lifecycle current configuration for the update store modules. From the lifecycle current configuration sub-screen 2682, an end-user may also set the following items. The end-user may be enabled to select a state definition sub-screen 2681 or a state transition sub-screen 2680.

The end-user may be enabled to select the type of update package in an update package type column 2683. The end-user may also be enabled to provide additional information and settings by checking boxes in a plurality of parameter entry boxes and columns, such as for example, new column 2684, testing column 2685, approved column 2686, released column 2687, inactive column 2688, and discarded column 2689.

FIG. 27 illustrates an exemplary download group users management view roles screen 2700 and a management console header frame 2766 having the users tab selected, such as for example, users tab 1131 illustrated in FIG. 11, according to an embodiment of the present invention. The end-user may be a member of a download group 2781, for example. A download group 2781 may have the following attributes: a unique group name 2786, an identification parameter name 2788 determining which parameter specifies the client identification information; and a parameter value list 2784 that is a case-sensitive, regular expression matching the client identification information. An administrator may be enabled to ensure that correct values are specified to ensure the values are verified. The end-user may be enabled to add information 2744 to a download group, modify information 2745 related to a download group, and delete information 2746 related to a download group in a groups management sub-screen 2783. The end-user may also refresh 2782 the users management group view roles screen 2700 as information is modified.

An end-user account may contain the following information. Required fields which may be marked with an asterisk (*) (not shown) in an embodiment according to the present invention, for example: a unique username *, a password *, a first name *, a last name *, an e-mail address, a phone number, a mobile number, a description/notes, a role *, and an account creation date (time-stamped by the system).

An administrator may be enabled to create (add) 2744 a new user account with a unique username 2786. An initial password for a new account may twice be requested and confirmed.

An administrator may be enabled to delete 2746 an existing user account. The system may confirm the deletion before committing.

An administrator may be enabled to modify 2745 all of the attributes of any user account employing the following conditions: the user password may never be visible, the administrator may only set the user password to a new value, and the administrator may maintain a unique login name for the end-users.

There may be a default administrator role for full level access to the system, such as for example, the super-administrator role. Only the administrator or super-administrator role may be enabled to define and modify user information, system settings, and additional roles. The administrator may assign an upload-only role, wherein an end-user may insert and only insert new update packages into any folder in the system. The update store module, such as for example, update store module 129A illustrated in FIG. 1A, may create a manufacturer entry/record or client device model entry/record to support the new update package. If the update package already exists, then the new update package may replace or overwrite the old update package. The administrator may also permit an end-user with appropriate granted access to modify the update package status, for example.

User roles may be used to determine access control to update packages. Each end-user may be assigned one role and may inherit the role's associated permissions to the update packages. A role may, for example, take on the following attributes: a unique role name, and an access control permission (none, read, write, etc.) for records/entries and update packages.

An administrator may be enabled to create a new role for an end-user. The electronic device system may have, for example, a default access control matrix allowing appropriate (for example, read/write) permission for all records/entries and update packages.

An administrator may also be enabled to delete an existing role, if no end-user is assigned to the role. The system may confirm the deletion with the administrator.

There may be access control associated with update packages. The exemplary table below illustrates the behavior for appropriate (for example, read/write) permissions on records/entries (for example, manufacturers name and client model). The access control framework may be specified in a user account management section, for example.

TABLE 2

Access Rights Management

Read Permission

Write Permission

Folder

Can only see the list of

Can add update package files to

items within the folder.

the folder. (Read implied)

Table 2 illustrates a listing of access rights management according to an embodiment of the present invention.

There may be support for a download group in the update store module, such as for example, update store module 129A illustrated in FIG. 1A. A download group may comprise a grouping of client identification information identifying end-users enabled to download an update package having a particular indicated download state.

There may be a default group or non-removable download group in the update store module. The default group may, for example, permit connected clients to download update packages regardless of the client identification information provided.

The system may use the simple network management protocol (SNMP) notification mechanism to generate and receive alarm notifications. A SNMP notification may be referred to as an SNMP trap. Alarm notification messages may be sent in SNMP notification format over an electronic device carrier network to any end-user-specified SNMP console. In addition to the management information base (MIB), the update management system may provide a number of specific MIB for alarms and configurations.

A private management information base (MIB) including all managed objects may be defined. The private MIB may be defined in accordance with the structure of management information rules. A MIB may be provided by an application server and may be loaded into an SNMP console for an end-user to view, query, and manage the configuration and alarm objects.

The update management system may be managed by employing available SNMP console applications.

FIG. 28 illustrates an exemplary view roles/transaction log screen 2800 and a logs management console header frame 2866, according to an embodiment of the present invention. The update management system, such as for example, update management system 105A illustrated in FIG. 1A, may employ a plurality of logging services. The logging services may be consolidated to allow administrators a central place to review logs for all update store modules, such as for example, 129A illustrated in FIG. 1A, and delivery servers, such as for example, 127A illustrated in FIG. 1A, currently deployed. The update management system, such as for example, 105A illustrated in FIG. 1A, may maintain at least one of the following logs: a transaction log, an audit log, and a system log, for example. Each of the logs (for example, transaction log 2888 as illustrated in FIG. 28) may support at least some of the following features: a time/date range filter to limit the amount of log to be displayed sort-able in a date/time column 2891, and refreshable on a configurable interval, an action column 2892, a requester column 2893, a status column 2894, and a comments column 2895.

The transaction log may be consolidated from all the download modules currently in the update management system, such as for example, 105A illustrated in FIG. 1A. The transaction log may display detail information for each attempt from client(s) to request update packages.

FIG. 29 illustrates an exemplary view roles/audit log screen 2900 and a logs management console header frame 2966, according to an embodiment of the present invention. The audit log 2988 may provide detailed audit trails of actions performed by all end-users of the update management system, such as for example, 105A illustrated in FIG. 1A. The end-user actions may comprise lifecycle management definition and modification, modification of system parameters, and uploading of update packages, for example. Each of the logs (for example, audit log 2988 as illustrated in FIG. 29) may support at least some of the following features: a time/date range filter to limit the amount of log to be displayed sort-able in a date/time column 2991, and refreshable on a configurable interval, an action column 2992, a requester column 2993, a status column 2994, and a comments column 2995.

FIG. 30 illustrates an exemplary view roles/system log screen 3000 and a logs management console header frame 3066, according to an embodiment of the present invention. The system log 3088 may display all other remaining system activities not considered in a transaction trail/log and/or an audit trail/log. System information may be useful for administrators in troubleshooting the system. Each of the logs (for example, system log 3088 as illustrated in FIG. 29) may support at least some of the following features: a time/date range filter to limit the amount of log to be displayed sort-able in a date/time column 3091, and refreshable on a configurable interval, an action column 3092, an owner column 3093, and a comments column 3094.

FIG. 31 is a block diagram illustrating an exemplary electronic device network 3100, according to an embodiment of the present invention. Aspects of the present invention may be found in updating separate components having significant interdependencies in a wireless electronic device comprising methods for tracking and ensuring that software dependencies are accounted for during an update process.

Aspects of the present invention may be found in a method of updating an electronic device 3166 wherein the electronic device may communicate an update request via a communications link 3111 to an electronic device transmission station or transmission tower 3156. In FIG. 31, all communications links, regardless of the individual protocols employed, wired, wireless, optical, etc., are identified by reference numeral 3111, for example. The electronic device transmission station 3156 may transmit object request(s) 3146 associated with the update package request from the electronic device 3166 via another wired or wireless communications link 3111 to the electronic device network server 3136 managing update requests. The electronic device network server 3136 may respond to the update package (object) requests 3146 by transmitting the requested objects 3126 via a communications link 3111 to the electronic device transmission station 3156 and ultimately to the electronic device 3166.

Dependencies may exist between different objects within a software system and at different levels of the system. For example, Java midlets/applets may have a dependency to a particular keyboard/video/mouse (KVM) arrangement. A KVM arrangement may have dependencies associated with a particular firmware revision. A particular firmware revision may have dependencies associated with a particular set of configuration parameters stored in separate files in the file system.

Dependencies may be managed via a joint server-client solution adapted to track revisions of objects within a particular manufacturers device, maintain a list of dependencies between objects based upon a manufacturer-by-manufacturer analysis, and ensure that dependencies are accommodated before allowing update of a requested electronic device object.

Mobile electronic devices, such as cellular phones/handsets, for example, may contain a catalog (management information base (MIB)) containing the identity and revision of each updateable component within the mobile electronic device 3166. When the mobile electronic device 3166 requests, from the electronic device network 3100, an update package for updating a particular component, the mobile electronic device 3166 may also transmit the corresponding catalog to the server 3136 along with and as part of the request.

The electronic device network server 3136 may be adapted to maintain a list of valid components for a particular electronic device/model 3166, and a list of dependencies associated with each component. The electronic device network server 3136 may evaluate the requested item(s), and compare the requested item(s) to a list of dependencies associated with the electronic device catalog. If there is a dependency match in the catalog, and the revision of the object in the catalog is later than a required revision, the request may be fulfilled or served.

If the electronic device catalog indicates that there are items which may not support a newly requested update item, the electronic device may be updated recursively until the electronic device 3166 is able to support the requested update item. The end-user may be notified of dependencies via the electronic device user interface (UI), and may be prompted to also upgrade associated components.

The aforementioned method works well for objects that are adapted to be upgraded at the application level. Individual component upgrades at the application level may not affect the basic abilities of the mobile electronic device 3166, for example, the ability to successfully boot, acquire service, and make/receive voice/data connections to the electronic device network. Additionally, if the upgrades are performed in a particular order, the objects being upgraded at this level may be updated in independent sessions.

The same may not be said of firmware/software upgrades and their associated dependencies. The update of firmware/software and firmware/software dependent information may happen at the same time, so that when a new firmware/software boots, the data upon which the firmware/software update depends may immediately be made available. The configuration data and code may match on a version-by-version basis in order for the upgrade operation to be successful.

FIG. 32 is a block diagram illustrating an exemplary method of update package generation 3200, according to an embodiment of the present invention. In an embodiment according to the present invention, the update generator 3255 may take as input, at least two binaries, such as for example, executable and linking files (elf files), comprising a base binary image 3225 and a new binary image 3235 and a plurality of associated files (file 1′-file N′, 3210) and (file 1-file N, 3205) and generate an update package 3266 having instructions for updating an electronic device's firmware. The upload update package catalog 3215 may also be included in the update package 3266 created.

Aspects of the present invention may be found in adding not only firmware binaries, such as 3225 and 3235, for example, but also any firmware dependent files (file 1′-file N′, 3210) and (file 1-file N, 3205), for example, as inputs to the update generator 3255. The files 3210, 3205 may comprise data and/or code.

In an embodiment according to the present invention, the base binary image 3225 of the electronic device may be used to create a universal dictionary that may be used to encode different firmware/software dependent files being bundled in the upgrade process in mini-update packages. The mini-update packages may be bundled into a single update package 3266 along with a firmware update package to create a multi-duplex update package (multi-DUP) 3266, i.e., an update package adapted to update a plurality of software application, firmware, and other electronic device components using one update package.

A catalog 3215 comprising all firmware dependencies may be included in the new multi-DUP 3266. The dependency information may be prepared by the manufacturer and provided as an input at the time of update package creation. The dependencies may be applicable to configuration data pertaining to firmware, but could also be applications required by a particular firmware package. The catalog 3215 may contain identifier and revision information for a particular object to be updated, as well as an indication of whether the update may remain uncompressed or be compressed. Object identifiers and revision numbers may be defined based upon a manufacturer-by-manufacturer analysis.

Once the multi-DUP 3266 is delivered to the electronic device, an update agent in the electronic device may interrogate the header and compare the files present in the multi-DUP 3266 with a list resident in the update catalog. If the header and catalog compare favorably, the update agent may be enabled to proceed. However, if files are missing from the multi-DUP 3266, the update agent may interrogate the file system of an electronic device network server to locate the additional dependent files there. If the files are found, the update may proceed. If not, the update package 3266 may be removed and the update status of the electronic device components may be set to “no update required”.

Having the update agent check the file system provides flexibility for the update agent to work with additional management protocols. If this approach is taken, the management protocols may be used to deliver appropriate files (compressed or uncompressed) to the electronic device. The multi-DUP 3266 may not contain mini-DUPs associated with the files, but may have a catalog entry indicating that an upgrade of this component is required. The update agent may know whether or not to uncompress the files by interrogating the entry in the dependency catalog.

Aspects of the present invention may be found in an update agent (updating software) adapted to update peripheral files in a file system. The update agent may create a new (updated) version of the peripheral files while maintaining the old (back up) peripheral file and preserving the peripheral filenames. Once the new (updated) versions of the peripheral files have been successfully created, updating/upgrading of the firmware/software associated with the peripheral filed may proceed. During the update/upgrade process, the update agent may also write the contents of the new peripheral files over and into the old peripheral files and file storage locations and update the electronic device's catalog information with information from the catalog 3215 in the multi-DUP 3266 delivered to the electronic device. The electronic device may be reset and the software may be booted. The dependencies may all be accounted for upon completion of the update.

Aspects of the present invention may be found in a method of facilitating update of individual components (other than firmware), accounting for dependencies between components, permitting a roll-back mechanism to recover from aborted updates, and providing an electronic device flexibility to work with defined management protocols, as necessary, but also be adapted to provide a stand-alone electronic device update.

FIG. 33 is a block diagram illustrating an exemplary electronic device network operator deployment system 3300 according to an embodiment of the present invention. In an embodiment according to the present invention, delivery of updates to electronic devices, such as for example, wireless electronic device 3310 may be practiced via a wireless communication link 3335 from remote servers by employing protocols and methods adapted to work in conjunction with existing firewalls and other existing security infrastructure, such as those found in carrier networks, electronic device networks, and manufacturer networks, for example. The wireless electronic device 3310 may be wirelessly and communicatively coupled to an antenna/transmission tower 3339 in a mobile integration interface 3330, for example.

In an embodiment according to the present invention, the mobile integration interface 3330 may comprise an inter-networking interface 3331, a wireless application protocol (WAP) interface 3333, and/or a short message transmission control (SMTC) interface 3335, for example.

In an embodiment according to the present invention, the inter-networking interface 3331 may comprise a transmission control protocol (TCP). The WAP interface 3333 may comprise a password authentication protocol (PAP). The SMTC interface 3335 may comprise a short message peer-to-peer protocol (SMPP).

In an embodiment according to the present invention, the mobile integration interface module 3330 may also be communicatively coupled to device management (DM) servers 3351 in a DM server cluster 3350, for example. The DM servers 3351 may also be communicatively coupled to another remote server 3366 located in a web methods integration platform module 3360, for example.

In an embodiment according to the present invention, the system 3300 illustrated in FIG. 33 may also comprise a presentation layer 3340 adapted to provide an interface between an end-user and the system 3300. The presentation layer 3340 may comprise a textual user-friendly interface and/or a graphical user-friendly interface. The presentation layer 3340 may comprise a customer care website 3341. The customer care website 3341 may be communicatively coupled to an end-user PC/Browser 3320 via hypertext transfer protocol (HTTP), for example. The customer care website 3341 may also be communicatively coupled to DM servers 3351 in the DM server cluster 3350 via the transmission control protocol (TCP).

In an embodiment according to the present invention, the system 3300 may also comprise a subscriber database layer interfaces module 3370 comprising a content server 3371, a customer care server 3373, a network operator deployment server 3374, a content database 3372, and a subscriber/customer database 3375. The subscriber database layer interfaces module 3370 may be communicatively coupled to a server 3366 in the web methods integration platform 3360, for example. The content server 3371 may be communicatively coupled to the content database 3372, for example. The customer care server 3373 may be communicatively coupled to the subscriber/customer database 3375, for example. The network operator deployment server 3374 may also be communicatively coupled to the customer care server 3373.

In an embodiment according to the present invention, update download design and implementation may be implemented according to a standard based upon the Open Mobile Alliance Over-The-Air (OMA OTA) version 1.0, for example.

In an embodiment according to the present invention, low-level metadata naming conventions and high-level metadata naming conventions may be seamlessly integrated to provide full reporting and data-mining capabilities by employing the high-level naming schemes.

In an embodiment according to the present invention, the system 3300 may be designed such that typographical errors and other human data entry errors do not impact reporting and data-mining results. Low-level metadata may comprise the form of parameters contained in the wireless electronic device 3310, for example. High-level metadata may comprise more verbose names used for presentation and queries.

In an embodiment according to the present invention, update packages may be “quarantined” and verified as a security measure. Update packages may be inspected for viruses and/or other malicious code. The update packages may be temporarily quarantined in a server, in the electronic device, or both, for example.

In an embodiment according to the present invention, in a default lifecycle configuration, an uploaded update package having a status indicated as ‘NEW’ may not be immediately downloadable. Depending upon the lifecycle configuration, the “NEW” update package may be validated and approved prior to being downloadable.

In an embodiment according to the present invention, the system 3300 may be developed with the consideration that electronic device update providers may consider “Broadcast Upgrading”. “Broadcast Upgrading” may be defined herein as the ability to send an upgrade/update out to all associated electronic devices in the associated network, for example, those having the same make, model and/or software version simultaneously to accomplish/perform the update.

In an embodiment according to the present invention, the system 3300 may be provided with a customer care console, such as for example, customer care website 3341 illustrated in FIG. 33, where an end-user may interface with a user-friendly customer/subscriber database 3375, for example. The customer/subscriber database 3375 may comprise update packages and indicate update package availability, for example. An end-user may be capable of sending short messaging service (SMS) messages to other customers/subscribers in the customer/subscriber database 3375 as well as being able to track update notification messages coming back from client electronic devices, such as for example, wireless electronic device 3310.

In an embodiment according to the present invention, an update store 3353 may be integrated with and communicatively coupled to servers, such as for example, device management (DM) servers 3351 in DM server cluster module 3350, for example. The update store 3353 may also be associated with another server 3366 in the web methods integration platform 3360 to facilitate the use of third party integration technology for interactions and content retrieval, for example.

In an embodiment according to the present invention, the update store 3353 may be designed to be compliant with known server components, such as for example, DM servers, generic delivery servers, and/or provisioning servers.

In an embodiment according to the present invention, the system 3300 may be adapted to supply billing event information to an existing billing infrastructure and to offer “For Fee” type updates, for example. The system 3300 may comprise information to be exported to peripheral billing systems, for example.

In an embodiment according to the present invention, the system 3300 may be adapted to manage individual customer records, electronic device make and model information, firmware/software version information, update history information, etc., for example. The management of the information may be facilitated through third party resources, for example. However, the information may be verified and individual transactions may also be logged, for example. Each electronic device may be provided with a unique identifier to provide data regarding the version of firmware/software that was most recently downloaded to electronic device and additionally and a firmware/software download history.

In an embodiment according to the present invention, the update store 3353 and lifecycle management server (illustrated in FIGS. 3 through 32, for example) in the system 3300 may be adapted to report and log all errors. The logged error messages may be adapted to include and provide a customer/subscriber with sufficient information to take action to overcome and/or correct the error. Error messages may be logged in the management console (illustrated in FIGS. 3-through32, for example) and exported over the simple network management protocol (SNMP) interface to a selected SNMP console, for example.

In an embodiment according to the present invention, the logging of transactions and associated parameters may be configurable to include a variable and a plurality of parameters. The plurality of parameters may be stored in a plurality of fields.

In an embodiment according to the present invention, update package delivery may be based upon electronic device “delivery readiness”, such as for example, sufficient available memory (flash memory, for example) and other device readiness characteristics.

In an embodiment according to the present invention, update package delivery may be based upon the OMA OTA standard, wherein checking for available memory (flash memory, for example) may be facilitated in a firmware management client, for example, which may provide the OMA OTA standard based upon an update package descriptor file in accordance with an embodiment of the present invention.

In an embodiment according to the present invention, the update management system 3300 may publish transaction information, such as for example, billing and security events (alarms and upload failures). Alarms may also be transmitted over a standard simple network management protocol (SNMP).

In an embodiment according to the present invention, the update store 3353 may be adapted to access rights delegated to a 3rd party lightweight directory access protocol (LDAP) system server, for example.

In an embodiment according to the present invention, end-users may employ security mechanisms and security protocols to control access to server components, prevent unauthorized access to server components, restrict logins to authorized networks, administrators, end-users, and user management tools, and provide intrusion detection and secure system logging, for example.

In an embodiment according to the present invention, the update store 3353 may employ user authentication. The data transport throughout the update management system 3300 may be implemented over virtual private networks (VPNs). A secure sockets layer (SSL) for a transport layer may also be employed.

In an embodiment according to the present invention, security protocols may include encryption algorithms, cipher suites, and other secure protocols for the transmission of data between interfaces, such as the WAP interface 3333, the SMTC interface 3335, and the inter-networking interface 3331 in the mobile integration interface module 3330, for example, as illustrated in FIG. 33. The interfaces may ingest update packages from update package suppliers and additionally from other approved sources.

In an embodiment according to the present invention, the system 3300 may also employ internationalization. The user interfaces (textual and/or graphical interfaces) that the customer may be provided may include error messages and help menus designed to facilitate double byte code to facilitate Asian language support functionality, for example.

In an embodiment according to the present invention, error code messages may be easily configurable and may convey an explanation of the associated error problem and also provide related explanatory documentation, such as for example, error programs and associated documentation.

In an embodiment according to the present invention, the DM Server 3351 in DM server cluster 3350, for example, may be provided with access to the customer care console 3373 permitting an administrator the ability to view a list of customers/subscribers with associated customer/subscriber parameters from the customer/subscriber database 3375, for example. Electronic device clients may also choose one or a group of end-users to push updates to and also to choose whether the update is to be a silent update or an opt-in update, for example. Upon initiating the update environment, update notifications may be sent to the affected corresponding devices.

In an embodiment according to the present invention, the specific protocol for interfacing between the DM Servers 3351 and a DM agent for example, may be proprietary to the Bitfone Corp., but may also be adapted to follow the SyncML DM server specification. The specific protocol may also be adapted to follow the OMA OTA version 1.0 specification in accordance with another embodiment of the present invention.

In an embodiment according to the present invention, the update store 3353 may employ at least two sets of criteria to select an appropriate update package, for example, a mandatory set of criteria and an optional set of criteria.

In an embodiment according to the present invention, mandatory criteria may comprise for example, an electronic device model name, an electronic device manufacturer name, and software/firmware version identification information.

In an embodiment according to the present invention, the optional criteria may be configurable by an end-user and may include a plurality of parameters, such as for example, a device international mobile equipment identifier (IMEI), a FLEx file version (a FLEx file is an information formatting program, for example), a phone number, and a unique device ID. In an embodiment according to the present invention, only one optional criterion may be employed in any given time, for example, there may always will be four parameters employable for determining an appropriate corresponding electronic device update package.

In an embodiment according to the present invention, the update store 3353 may store a descriptor file corresponding to each update package. The descriptor file may describe each update package in terms of size, description, and approximate update time, for example. The update store 3353 may also provide an application program interface (API) for retrieving the descriptor file based upon the same parameters used to select an associated update package.

Aspects of the present invention may be found in an end-to-end system architecture for securely deploying and installing over the air (OTA) firmware upgrades to electronic devices, such as for example, mobile handsets. The system may be adapted to provide upgrades/updates capable of updating the core embedded operating system (OS) of an electronic device by employing read only memory (ROM-type) updates.

In an embodiment according to the present invention, the system may facilitate modification of firmware/software in embedded devices, such as for example, handheld, wireless mobile handsets. The firmware/software in the electronic device may be a particular version, for example. Two different versions of firmware/software may be analyzed. The information employed to perform the analysis may comprise a set of executable instructions to modify/convert a first version of the firmware/software into a second version of the firmware/software. The translation information may economically be packaged and compressed as small as possible for OTA transmission, for example. Delivery of the update package to the embedded, electronic device may also be supported in an embodiment according to the present invention.

TABLE 3

Exemplary System Components

Update Package Generator

Management Console

Update Store

Delivery Module

Download Agent

Firmware Management Agent

Handoff Agent

Update Agent

Table 3 lists exemplary system components that may be employed in an embodiment according to the present invention.

In an embodiment according to the present invention, the system 3300 may employ an over-the-air (OTA) method to flash a core embedded operating system (OS) of an electronic device stored in non-volatile memory (NVM).

FIG. 34 is a block diagram illustrating an exemplary system 3400 and interface architecture according to an embodiment of the present invention. The workstation node 3410 may comprise a computer adapted to run an update package generator 3411 to generate update packages 3413, for example. Each workstation node 3410 in FIG. 34 may represent a discrete computing system.

In an embodiment according to the present invention, the update generator 3411 may produce update packages by performing byte-level analysis upon sequential firmware images (different versions). An update package 3413 may comprise a binary set of executable instruction for converting a first version of firmware/software into a second version of firmware/software. The update package generator 3411 may package and compress updates employing compression techniques. The update package generator 3411 may also be adapted to manage projects enabling a customer to organize electronic device firmware/software images by electronic device model, for example.

In an embodiment according to the present invention, the update package generator 3411 may employ the update package 3413 as an interface. The update package 3413 may comprise a container for the translation instructions/code/data. An electronic device having embedded firmware/software may employ the update package 3413 to initiate update of firmware/software. Performing the update modifies the firmware/software in the electronic device.

In an embodiment according to the present invention, the update package generator 3411 may also be capable of uploading an update package 3413 directly to the update store 3430 without exiting update package generating program execution. Uploading may be accomplished by launching an Internet browser, for example.

In an embodiment according to the present invention, the update package generator 3411 may be adapted to preprocess firmware/software images to facilitate byte-level analysis of the firmware/software modifications. Preprocessing may provide the update package generator algorithm a modified firmware/software image more likely to match a current/existing firmware/software image. The update package generator algorithm employing preprocessing may be adapted to produce an update package 3413 approximately 80% smaller an update package produced without employing preprocessing. In order to incorporate preprocessing in the update package generator algorithm, the update package generator 3411 may employ linker information from the firmware/software build process. The update package generator 3411 may support the following linker file formats, for example.

Link Information Source

ELF (executable and linking format) Files

IEEE-695 (Institute of Electrical and Electronics Engineers) Files

Symbian 7.0.5

In an embodiment according to the present invention, preprocessing may be employed in processor platforms to perform address instruction interpretation. In an embodiment according to the present invention, the update generator 3411 may be employed by the following processor platforms and may support “big endian” and “little endian” byte order, for example.

Supported Prediction Targets

ARM THUMB Family

NEC V800 Family

Motorola MCore Family

Infineon C166/ST10 Family

A processor platform may be either “big endian” or “little endian” based upon the manner in which the processor platform encodes multiple byte values. There is no difference in performance between the two encoding methods.

In an embodiment according to the present invention, zoning may be employed to divide a firmware/software image into a plurality of code segments having different settings and rules for updating a particular segment. The most common settings for zone management may comprise defining the following, for example: a preprocessor, a write unit size, an updateable zone, an excluded zone, an update agent zone, and a reserved write unit zone.

In an embodiment according to the present invention, the update package 3413 may be authenticated and the transmitting source may also be authenticated. The update package generator 3411 may provide the firmware/software developers the ability to digitally “sign” the update package 3413, for example. The update agent 3421 may be adapted to complement the authentication functionality by providing means to decrypt and verify the update package 3413, for example. An MD5 (message digest 5) algorithm may be employed to calculate a signature of the update package 3413 and then encrypt that signature using an RSA (by RSA Data Security, Inc.) public/private key infrastructure. The encrypted signature may be employed in the update package 3413 ensuring that update package may be delivered to an electronic device.

In an embodiment according to the present invention, the system application server 3433 may comprise an update store 3430, a management console module 3431, and a delivery module 3435 for example. In an embodiment according to the present invention, the application server 3433 may be Java 2 Enterprise edition (J2EE) application server, for example, and the update store 3430, management console module 3431, and delivery module 3435 may comprise J2EE software components.

In an embodiment according to the present invention, the management console module 3431 may facilitate a web-based view into the status, data store, and operational logs of the update store 3430. The management console module 3431 may also invoke a provided application protocol interface (API) of the update store 3430 for uploading and management the update packages, such as for example, update package 3413.

In an embodiment according to the present invention, the update store 3430 may provide wireless electronic device carrier networks and electronic device manufacturers with a system for managing deployment of update packages, such as for example, update package 3413. The update store 3430 may also provide database and business logic to ensure that appropriate authentic update packages are made available to the intended electronic devices.

In an embodiment according to the present invention, the update store 3430 may perform at least the following activities, for example.

Storing update packages, log data, system status

Managing the update package life cycle

Maintaining status and transition state information about the update packages

Limiting the download of some update packages to correspondingly limited groups

Expanding the functionality of the update stores exposed as external interfaces

Uploading, retrieving and managing update packages

Storing alarms, system-wide logs, and status information

In an embodiment according to the present invention, the update store may incorporate a rules-based approach to lifecycle management of update packages, such as for example, update package 3413. The rules may be designed around sets of “mandatory” selection criteria and “optional” selection criteria.

In an embodiment according to the present invention, the mandatory criteria may alt least comprise the following for example.

Manufacturer Name

Model Name

Firmware Version (Source)

In an embodiment according to the present invention, the optional selection criteria may be any other parameter selected or specified by the electronic device manufacturers and the electronic device carrier networks. The optional criteria may be supported by the electronic devices and may be transmitted as part of a simple object access protocol (SOAP) request for an update package, such as for example, update package 3413. The update store 3430 may support the three mandatory criteria as well as up to one additional optional criterion when performing an update package selection determination, for example.

To support large number of clients requesting the download of update packages, the update management system 3400 may provide for a logical and physical separation of an update package downloading service in an implementation of the delivery module 3435 in accordance with an embodiment of the present invention. The logical separation may support the following deployment scenarios, for example.

High throughput and availability environment: cluster of delivery modules each having its own hardware and associated application server, for example.

Test or pilot environment: one delivery module running in the same hardware and application server as the update store, for example.

In an embodiment according to the present invention, the delivery module 3435 may perform at least the following activities, for example.

Cluster front-end: the delivery module 3435 may be designed for low-cost scalability to handle large numbers of clients. The delivery module 3435 may also provide a simple object access protocol (SOAP) connection to the update store 3430 to retrieve an appropriate update package to return to the requesting client.

Cache handler: The deliver module 3435 may be adapted to reduce load on the update store 3430 by only requesting update packages that are not currently in cache of the delivery module 3435.

In an embodiment according to the present invention, the electronic device may be a node adapted to consume the update package 3413 generated by the update package generator 3411. The electronic device may comprise embedded firmware/software. The electronic device may comprise a mobile handset, for example.

In an embodiment according to the present invention, a firmware management agent (FM) 3427 may control negotiation and downloading of firmware/software to the electronic device. The electronic device manufacturers may implement the bulk of the firmware management agent (FM) 3427 because the manufacturer maintain proprietary detailed knowledge about the firmware/software run time environment of corresponding manufactured electronic devices. The implementation set forth herein may provide a skeleton (template) that the electronic device manufacturers may employ to reduce firmware/software development time.

In an embodiment according to the present invention, the FM 3427 may provide at least the following features during a download of a firmware/software update package, for example.

Send and receive XML messages via HTTP application protocol

Interface with device SMS manager

Display minimum set status and information

Allow opt-in

In an embodiment according to the present invention, the FM 3427 may minimally comprise the following, for example.

SMS (short message service) Message Handler

Data Transfer Handler

Display Handler

Event Handler

In an embodiment according to the present invention, the short message service (SMS) message handler may be adapted to parse a notification SMS message received from electronic device SMS message manager firmware/software. The notification SMS message may comprise a universal resource locator (URL) string employable to connect to the application server 3433, upload electronic device specific information, and download a firmware/software update package, such as for example, update package 3413.

In an embodiment according to the present invention, a data transfer handler may facilitate interfacing to the hypertext transfer protocol (HTTP) application protocol services for opening an HTTP connection, sending request methods to an HTTP server for upload and download, and closing an HTTP connection when completed.

In an embodiment according to the present invention, the display handler may be adapted to display downloading progress text messages, interactive text messages, such as for example, and opt-in message, and other text messages.

In an embodiment according to the present invention, the event handler may be adapted to process key press events, startup events, timeout events, network events, data events, and other events.

In an embodiment according to the present invention, a 3rd party vendor may implement the FM 3427. The FM 3427 may be adapted to store an update package in non-volatile memory (for example, flash) as a filename instead of as an address space, for example. By using a 3rd party FM, the update agent 3421 may also be adapted to employ a filename instead of an address space, for example. When starting an update, the update agent 3421 may load an update state descriptor (USD) from a non-volatile memory address. One field in the USD may be employed to store the address of an update package. The memory address space may be defined at linking time. The handoff agent 3425 may also be a software mechanism adapted to perform the following functions, for example.

In an embodiment according to the present invention, the handoff agent 3425 may also comprise the following, for example.

Update Status Descriptor Handler

Update Package Storage Handler

Device Reset Handler

Update Status Notification Handler

In an embodiment according to the present invention, the update status descriptor handler may be adapted to generate the update status descriptor (USD) and store the USD at a predefined non-volatile flash memory location.

In an embodiment according to the present invention, the update package storage handler may be adapted to store associated firmware/software update package data at a predefined non-volatile flash memory location.

In an embodiment according to the present invention, the device-reset handler may be adapted to reset the electronic device.

In an embodiment according to the present invention, the update status notification handler may be adapted to read and determine the firmware/software update status from a predefined non-volatile memory location (e.g., flash).

In an embodiment according to the present invention, the download agent 3423 may be adapted to download firmware/software update packages in the electronic device and may also confirm that an update package download is completed. In order to comply with the open mobile alliance (OMA) specifications, downloading the firmware update package 3413 may comprise the following, for example.

In an embodiment according to the present invention, the download agent 3423 may comprise the following, for example.

HTTP (hypertext transfer protocol) Message Handler

XML (extensible markup language) Parser Handler

Content Storage Handler

Capability Check Handler

In an embodiment according to the present invention, the HTTP Message Handler may be adapted to send the HTTP methods to the HTTP server and parse the responses, for example.

In an embodiment according to the present invention, the XML Parser Handler may be adapted to parse download descriptors (OMA and Bitfone Corp.) and generate XML for sending to the HTTP server prior to downloading a firmware/software update package, for example.

In an embodiment according to the present invention, the Content Storage Handler may be adapted to interface with services provided by the handoff agent 3425 to store a firmware/software update package 3413 in a predefined non-volatile flash memory location.

In an embodiment according to the present invention, the update agent 3421 may be adapted to process firmware/software updates in electronic devices and employ translation information contained in the update package 3413 to transform/convert a first version firmware/software to a second version of firmware/software. The update agent 3421 may support fault-tolerant updates such that any interruption including power removal during an update may not damage the firmware/software image being updated. Upon recovery from a power interruption, for example, the update agent 3421 may be adapted to continue and complete the firmware/software update.

In an embodiment according to the present invention, the update agent 3421 may be provided operating instructions by the update package generator 3411 and be adapted to operate in a plurality of electronic device environments. The update agent 3421 may be adapted to update a desired firmware/software image bit-for-bit equal to arrive at the intended, updated firmware/software image.

In an embodiment according to the present invention, the update agent 3421 may provide the following features, for example.

May support “Zoning” to coordinate non-contiguous code segments

May support pre-processing to reduce update package size

May support updateable update agent

May support update processing, for example, 1N vs 2N

May support digital signature decryption, authentication, and verification

In an embodiment according to the present invention, the update package 3413 may be arranged according to an update package format. The update package format may comprise a specification describing packaging of transformations produced by the update package generator 3411 and consumed by the update agent 3421, for example. The specification may determine what the update agent 3421 is enabled to read, write, modify, covert, etc. The update package specification may comprise information related to transport of the update package 3413 between the update package generator 3411 and the update agent 3421, for example.

In an embodiment according to the present invention, in order to place the update agent 3421 into an embedded device, such as for example, mobile device 3420, an integration process may be performed and followed. A set of design patterns may be identified for integrating the update agent 3421 into a mobile device 3420, for example. The system according to the present invention may be adapted to support and be compatible with a plurality of electronic devices. A compatible system architecture may be facilitated in the update package generator 3411 permitting integration work with a plurality of physical architectures, supporting direct memory access to firmware/software, and supporting a multitude of computer processing unit-types (CPU-types).

The update package generator 3411 as illustrated in FIG. 34 is adapted to be flexible when modifications are to be made to the core engine architecture, for example. Each node may have a target system and development environment. The workstation 3410 as illustrated in FIG. 34 may be adapted to run the update package generator software, for example. The workstation 3410 may be a computer at a device manufacturer's facility. The update package generator 3411 may be implemented in Java, so that the workstation 3410 may be adapted to run virtually any operating system supporting a Java virtual machine, for example. The update package generator 3411 may be developed using Borland's JBuilder 8 Enterprise software on a Windows-based machine, for example.

The update management system (application server 3433 illustrated in FIG. 34, for example) may be developed according to the Java 2 Enterprise Edition (J2EE) 1.3.1 Application Program Interface (API) specifications and may be compatible with other J2EE application servers, for example.

The update management system (for example, application server 3433 illustrated in FIG. 34) may support the following Java Development Kits (JDK), for example.

JDK 1.4.1—02 or higher on 64-bit Solaris hardware

JDK 1.4.1—02 or higher on Linux 2.4.20 on Intel 32-bit processors

The update management system (for example, application server 3433 illustrated in FIG. 34) may be adapted to support most enterprise-class Relational Database Management Systems (RDBMS) with the appropriate Java Database Connectivity (JDBC) drivers, for example. For verification & validation testing of update management system (for example, application server 3433 illustrated in FIG. 34), the following database system may be employed, for example.

In an embodiment according to the present invention, the specific electronic device to be employed may be an unknown entity because device architectures for embedded mobile electronic devices vary widely. However, electronic device firmware/software components designed for electronic devices may be abstracted in at least the following two ways. 1) Implementation in American National Standards Institute (ANSI) C in a cross-platform manner and 2) Compiled to support many different known central processing units (CPUs), for example.

In an embodiment according to the present invention, the update agent component may be implemented in pure ANSI C, for example. Strict conformance to coding standards may be enforced.

In an embodiment according to the present invention, the update agent (for example update agent 3421 illustrated in FIG. 34) may run on top of an electronic device operating system (OS), for example. The update agent 3421 may be independent of any source code in the existing code of an electronic device because the update agent 3421 may be compiled and linked separately. The update agent 3421 may be designed so that it does not use any runtime libraries or compiler/linker supplied runtime code in accordance with an embodiment of the present invention, for example.

Several different CPUs (for example, ARM, Motorola, etc.) and several different build environments (for example, ARM, Green Hills, Windriver, etc.) may be supported in an embodiment according to the present invention. Several different combinations of build environments and CPUs may also be supported, for example.

In an embodiment according to the present invention, in order to support broad cross-platform capabilities in the update agent 3421, for example, many different interfaces may be offered that the update agent may be adapted to interact with in the electronic devices. The interfaces may be called device wrappers. Device wrappers may be adapted to wrap the functionality to be implemented for a particular electronic device. The electronic device manufacturers may not implement wrappers at integration time, because the electronic device manufacturers possess the requisite knowledge of their own electronic devices.

In an embodiment according to the present invention, the firmware manager client 3427, the download agent 3423, and the handoff agent 3425 may be operating system (OS) dependent and may be designed to take advantage of the existing functionality of the OS. In an embodiment according to the present invention, the firmware manager client 3427, the download agent 3423, and the handoff agent 3425 may be able to run on various microprocessors, such as for example, ARM 7TDMI, ARM 9, Infineon C166 family, and NEC v850e, for example. The source code for the download firmware/software components may be implemented in ANSI C.

In an embodiment according to the present invention, each component of the system illustrated in FIG. 34, for example, may be related as follows.

Complex calculations may be performed in the update package generator 3411 rather than the update agent 3421, for example.

Update agent footprint may be adapted to be as small as possible, for example.

Update agent 3421 may be coded in ANSI C or another efficient programming language/systems.

Memory consumption of the update agent 3421 may be kept to a minimum.

In an embodiment according to the present invention, the update package generator may have a primary function of generating update packages as small as possible, for example. To perform this function, the speed of creating an update package may be a secondary consideration. An update package may be created within approximately three minutes, for example. The average time to create an update package may not exceed six minutes, for example. An individual update package may be created within an hour in a worst-case scenario.

In an embodiment according to the present invention, performance of the update management system (for example, application server 3433 illustrated in FIG. 34) may be dependent upon the following factors, for example:

Update package size;

Java application server; and

Server hardware.

In an embodiment according to the present invention, assuming the Weblogic, low-end Sun server, and no overhead from over-the-air data transmission. The update management system (for example, application server 3433 illustrated in FIG. 34) may be expected to perform minimally at the following level for at least 100 concurrent clients, for example, for a 150K update package, the average download time may comprise 20 seconds.

In an embodiment according to the present invention, the time needed to apply an update to firmware/software may vary. The following factors may be involved in predicting update-processing times, for example.

Number Of Banks Updated

Flash Block Erase Time

Flash Block Write Time

CPU Clock Rate

Algorithm Overhead Per Bank

General Algorithm Overhead

Memory Speed

Memory Access Bus Speed

Temperature

To support the analysis performed by the update package generator 3411, the workstation 3410 may be provided at least 1 GB of random access memory (RAM) and a computer-processing unit (CPU) operating at approximately 2 GHz or more. Additionally, if update package catalogs are to be sent directly to the update store 3430, then the workstation 3410 may also be adapted to support networking capability, for example.

In an embodiment according to the present invention, the update management system (for example, application server 3433 illustrated in FIG. 34) may be developed according to the Java 2 Enterprise Edition (J2EE) 1.3.1 application program interface (API) specification, for example. The update management system (for example, application server 3433 illustrated in FIG. 34) may comprise the following exemplary servers, for example.

BEA Systems, Inc., Weblogic server 8.1

Orion Application Server 2.0.1

In an embodiment according to the present invention, the update management system (for example, application server 3433 illustrated in FIG. 34) may be designed to the J2EE standard platform and may be compatible with other J2EE application servers, for example.

In an embodiment according to the present invention, the update management system (for example, application server 3433 illustrated in FIG. 34) may employ a Java platform, such as for example, Java Development Kit (JDK) 1.4, for example. However, other operating systems, such as for example, Solaris and Linux may also be employed on several different types of hardware, for example.

In an embodiment according to the present invention, the update management system (for example, update management system 3400 illustrated in FIG. 34) may be designed to support most enterprise-class RDBMS with the appropriate JDBC drivers, for example. For verification & validation testing the following database system may be employed: Oracle 9i Release 2 (9.2.0.2) and Oracle 9i 9.2.0.3 JDBC Drivers for OCI client.

In an embodiment according to the present invention, the runtime environment of the update agent 3421 may be constrained in many regards. The design of the update agent may realize a balance between supporting small update package sizes, fault tolerance, and limited resources, for example.

In an embodiment according to the present invention, each node of the system may employ a different type of verification and validation, for example, in order to verify the output of the update package generator 3411, the update package 3413 may be employed. For example, if the firmware/software update is successful, then verification may be assumed. Validation of the update package generator may be little more difficult and may only be achieved by employing benchmarks, for example. If, for example, the size of update packages generated remains consistently small compared to previous generations of the update package generator 3411, the functioning of the update package generator 3411 may be validated.

In an embodiment according to the present invention, with hypertext transfer protocol (HTTP) and web services at the core, the update management system (for example, application server 3433 illustrated in FIG. 34) may be validated like any other web system, for example. The following tools may be employed to validate and verify server components.

Standard commercial web testing tools, such as for example, Mercury Interactive's LoadRunner and open-source tools, such as for example, JMeter and TestMaker, may be used to verify a correct update package is being retrieved given particular lifecycle management settings, for example.

Bitfone's internal tool, SIMDA may also be used for both verification and load testing. SIMDA may be designed for development and testing, for example.

Third-party clients may support the open mobile alliance (OMA)-download protocol, which may also be used to validate the update management system, for example.

In an embodiment according to the present invention, the download manager (a.k.a. the download agent 3423) along with the firmware management client 3427 may be tested employing a hypertext transfer protocol (HTTP) simulator and in conjunction with the delivery module 3435. Open mobile alliance (OMA) standards for OMA over-the-air (OTA) download test cases may also be employed, for example.

In an embodiment according to the present invention, the update agent 3421 may be packaged as a library. In an embodiment according to the present invention, one of the target platforms may be the Windows operating system family, for example. Under the Windows operating system family, a software package named “WinAgent”, for example, may be developed to test an update of firmware/software, as well as test possible fault tolerance recovery scenarios in accordance with an embodiment of the present invention.

In an embodiment according to the present invention, the system 3400 may also offer many levels of security protecting each firmware/software component.

In an embodiment according to the present invention, the firmware/software comprising may reside on computer systems. Proper physical barriers may already exist to limit access to these computers. An end-user expecting to use the update package generator 3411 or access another firmware/software component may be prompted for the proper credentials in order to log into the computer. The login validation/authentication may be handled by the operating system employed in the computers.

In an embodiment according to the present invention, access to the update store 3435, for example, may be facilitated via an access control list, for example. In an embodiment according to the present invention, system administrators may set-up users and roles to define the security level for all access to the update store 3435. The update management system may facilitate fine-grain read/write access to individual update packages, including the ability to perform “upload-only” access for external electronic device manufacturers, for example.

In an embodiment according to the present invention, the update package generator 3411 may be bundled with a hardware-based license enforcement scheme. This may be employed through the use of a hardware key dongle (an Ethernet connector that attaches to a personal computer memory card international association (PCMCIA) card, or other alternative systems) that may be placed in a universal serial bus (USB) or parallel port of a workstation, such as for example, workstation 3410. Other firmware/software components may also employ a similar lockdown. When discussing the security of the update package generator 3411, three types of security may be examined, for example.

Update Package Generator to Update Store Security Implementation: To secure the update package generator 3411 to update store 3430 security channel when using a network connection, the hypertext transport protocol secure (HTTPS) protocol may be used, guaranteeing both authentication of who is connecting and who is being connected to, as well as the assuring the integrity of the link due to the encrypted channel.

Update Package Generator to Management Console Security Implementation: In an embodiment according to the present invention, if the update package catalog to be transferred to the application server 3433 is saved to disk, no security may be offered because it may be assumed that an end-user may have secured the save. The management console 3431 may open the file. Additional security measures may be added to the update package catalog by an end-user process, for example.

Update Package Generator to Update Agent Security Implementation: In an embodiment according to the present invention, an important aspect of the overall security scheme may be to protect the update packages 3413 themselves. The following three important criteria may be protected, for example.

Integrity (Was the update package 3413 modified during transit?)

Source (Is the update package 3413 coming from the intended source?)

Content (Is the end-user entitled to the update package 3413?)

In an embodiment according to the present invention, to protect the integrity of the update package 3413 and to guarantee the source, an encrypted signature scheme may be supported in the update package generator 3411 and the update agent 3421. One of the records of the update package 3421 may hold an encrypted signature employing a selected signature and encryption scheme. When the update agent 3421 validates the encrypted signature, the update agent may determine where the update package 3421 came from and also ensure that the update package 3421 wasn't tampered with during transport to the electronic device, for example.

In an embodiment according to the present invention, protection of content may be more difficult to guarantee. In an embodiment according to the present invention, the download agent 3423 send a unique device value to the delivery module 3435 or the update store 3430 so that the update package 3413 may be encrypted on the fly. The update agent 3421 may be adapted to only open an update package 3413 intended for the specific electronic device that the update agent 3421 is running on.

Update Management System Access Security: In an embodiment according to the present invention, three layers of access security to the update management system may be provided.

Client Device Access Security

System User Access Security (via the Management Console)

Server-to-Server Access Security

Client Device Access Security: In an embodiment according to the present invention, the update management system may support secure sockets layer (SSL) version 2.0 (40-bits or larger key) to fully encrypt the data connection from the client devices, depending on the capability of the client devices, for example.

System User Access Security: In an embodiment according to the present invention, the update management system may support secure sockets layer (SSL) version 2.0 (40-bits or larger key) to fully encrypt management console access via standard browsers, for example.

Server-to-Server Access Security: In an embodiment according to the present invention, the update management system may support the following network security scheme, for example.

In an embodiment according to the present invention, the update management system may be employed as a client for database services. The update store 3430 may rely upon the configured database server for access and integrity protection of the data. For the small number of critical data (such as passwords), the update management system may only store a hashed or encrypted value and not the clear text value.

Download Agent Security: In an embodiment according to the present invention, the download agent 3423 may support secure sockets layer (SSL) or wireless transport layer security (WTLS) to ensure privacy and integrity for transporting the update package 3413 from the application server 3433 to a client device. Electronic device manufacturers may provide SSL or WTLS security support, for example. The download agent 3423 may be implemented employing only the HTTP protocol in an embodiment according to the present invention.

In an embodiment according to the present invention, the server-side may support redundant configurations so that if a server fails, another server may be available to take the failed server's place.

In an embodiment according to the present invention, fault tolerance is important in the update agent 3421. The update agent 3421 may be 100% recoverable in case of any interruption, short of a hardware failure.

In an embodiment according to the present invention, the system 3400 may be adapted to support flexible deployment architectures. The following deployment scenarios represent configurations in accordance with embodiments of the present invention.

FIG. 35 is a graphical representation 3500 illustrating an exemplary support system for electronic device updating according to an embodiment of the present invention. In FIG. 35, the abscissa represents electronic device manufacturers 3530 and the ordinate represents electronic devices 3520, for example. FIG. 35 illustrates a first solution 3540 cloud that may be integrated into many devices electronic devices or electronic device manufacturers. One electronic device manufacturer C 3553, for example, may be adapted to employ the first solution in most of manufacturer C's 3553 electronic devices. The extent that the first solution 3540 cloud graphically covers a range of electronic devices marketed and sold by particular electronic device manufacturers (for example 3559, 3551, 3553, and 3557) represents how well the first solution may be integrated/implemented into the electronic device manufacturer's electronic device line of products.

FIG. 36 is a graphical representation 3600 illustrating an exemplary support system for electronic device updating according to an embodiment of the present invention. In FIG. 36, the abscissa represents electronic device manufacturers 3630 and the ordinate represents electronic devices 3620, for example. FIG. 36 illustrates that a second solution 3640 cloud may be integrated into many more devices electronic devices and/or electronic device manufacturers than the first solution 3540 cloud illustrated in FIG. 35.

One electronic device manufacturer C 3653, for example, (hidden behind the second solution 3640 cloud) may be adapted to employ the second solution in all of manufacturer C's 3553 electronic devices. The extent which the second solution 3640 cloud covers a range of electronic devices marketed and sold by particular electronic device manufacturers (for example 3659, 3651, 3653, 3655, and 3657) represents how well the second solution 3640 may be integrated/implemented into the electronic device manufacturer's electronic device line of products.

FIG. 37 is a flow diagram 3700 illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention. The system employed for the commercial deployment method may comprise a firmware management client 3710, an OMA-compatible, download-compliant agent 3720, a handoff agent 3730, an update agent 3740, an OMA download protocol 3750, an OMA-compliant delivery module 3760, a simple object access protocol (SOAP) 3770, an update store 3780, a firmware management customer care module 3790, a short message service (SMS)-based notification protocol 3785, and an extensible markup language (XML)-based discovery protocol 3775, for example.

In an embodiment according to the present invention, the method may comprise sending a push notification message from the firmware management customer care module 3790 to the firmware management client 37101 employing the SMS-based notification protocol 3785, for example. The method may also comprise sending an electronic device and subscriber information message from the firmware management client 3710 to the firmware management customer care module 37902 employing the XML-based discovery protocol 3775, for example. The method may also comprise sending a server credentials message from the firmware management customer care module 3790 to the firmware management client 37103 employing the XML-based discovery protocol 3775, for example. The method may also comprise sending a universal resource locator (URL) request message of an update package descriptor file from the firmware management client 3710 to the firmware management customer care module 37904 employing the XML-based discovery protocol 3775, for example.

In an embodiment according to the present invention, the method may also comprise sending a request for the URL of the update package descriptor file from the firmware management customer care module 3790 to the update store module 37805, for example. The update store 3780 may return the URL of the update package descriptor file to the firmware management customer care module 37906, for example. The method may also comprise transmission of the URL of the update package descriptor file from the firmware management customer care module 3790 to the firmware management client 37107 employing the XML-based discovery protocol 3775, for example. The method may also comprise initiating the OMA download compliant agent 3720 with the URL of the update package descriptor file 8, for example.

In an embodiment according to the present invention, the method may also comprise the download agent 3720 employing the descriptor file URL to request the descriptor file from the delivery module 3760 employing the OMA download protocol 37509, for example. The method may also comprise the delivery agent 3760 employing the SOAP protocol 3770 to request the update package descriptor file from the update store module 378010, for example. The method may also comprise transmitting the update package descriptor file and the update package descriptor file URL employing the SOAP protocol 3770 from the update store 3780 to the delivery module 376011, for example. The method may also comprise the delivery module 3760 transmitting the update package descriptor file and the update package descriptor file URL employing the OMA download protocol 3750 to the OMA download compliant agent 372012, for example.

In an embodiment according to the present invention, the method may also comprise the OMA download compliant agent 3720 transmitting an update package request to the delivery module 3760 employing the OMA download protocol 375013, for example. The method may also comprise the delivery agent 3760 employing the SOAP protocol 3770 to request the update package from the update store module 378014, for example. The method may also comprise transmitting the update package, employing the SOAP protocol 3770, from the update store 3780 to the delivery module 376015, for example. The method may also comprise the delivery module 3760 transmitting the update package, employing the OMA download protocol 3750, to the OMA download compliant agent 372016, for example.

In an embodiment according to the present invention, the method may also comprise initiation of the handoff agent 3730 with update package location information 17, for example. The method may also comprise the handoff agent 3730 setting flags, causing the electronic device to reboot, and initiating the update agent 374018, for example. The method may also comprise updating one of firmware and software in the electronic device 19, for example. The method may also comprise setting the update-completed flag 20, for example. The method may also comprise initiating a device management agent (firmware management client 3710) when the update is completed 21, for example. The method may also comprise sending a confirmation notification message from the firmware management client 3710 to the firmware management customer care console 3790 confirming that the update is completed 22 employing the SMS-based notification protocol 3785, for example.

In an embodiment according to the present invention, the method may comprise sending an update notification message from the DM customer care console 3895 to the DM server 38901 employing the DM protocol, for example. The method may also comprise sending a push notification message from the DM server 3890 to the DM client 38102 employing the DM protocol, for example. The method may also comprise sending an electronic device and subscriber information message from the DM client 3810 to the DM server 38903 employing the DM protocol, for example. The method may also comprise sending a server credentials message from the DM server 3890 to the DM client 38104 employing the DM protocol, for example. The method may also comprise sending a universal resource locator (URL) request message of an update package descriptor file from the DM client 3810 to the DM server 38905 employing the DM protocol, for example.

In an embodiment according to the present invention, the method may also comprise sending a request for the URL of the update package descriptor file from the DM server 3890 to the update store module 38806, for example. The update store module 3880 may return the URL of the update package descriptor file to the DM server 38907, for example. The method may also comprise transmission of the URL of the update package descriptor file from the DM server 3890 to the DM client 38108 employing the DM protocol, for example. The method may also comprise initiating the OMA download compliant agent 3820 with the URL of the update package descriptor file 9, for example.

In an embodiment according to the present invention, the method may also comprise the download agent 3820 employing the descriptor file URL to request the descriptor file from the delivery module 3860 employing the OMA download protocol 385010, for example. The method may also comprise the delivery agent 3860 employing the SOAP protocol 3870 to request the update package descriptor file from the update store module 388011, for example. The method may also comprise transmitting the update package descriptor file and the update package descriptor file URL, employing the SOAP protocol 3870, from the update store 3880 to the delivery module 386012, for example. The method may also comprise the delivery module 3860 transmitting the update package descriptor file and the update package descriptor file URL, employing the OMA download protocol 3850, to the OMA-download-compliant agent 382013, for example.

In an embodiment according to the present invention, the method may also comprise the OMA download compliant agent 3820 transmitting an update package request to the delivery module 3860 employing the OMA download protocol 385014, for example. The method may also comprise the delivery agent 3860 employing the SOAP protocol 3870 to request the update package from the update store module 388015, for example. The method may also comprise transmitting the update package, employing the SOAP protocol 3870, from the update store 3880 to the delivery module 386016, for example. The method may also comprise the delivery module 3860 transmitting the update package, employing the OMA download protocol 3850, to the OMA-download-compliant agent 382017, for example.

In an embodiment according to the present invention, the method may also comprise initiation of the handoff agent 3830 with update package location information 18, for example. The method may also comprise the handoff agent 3830 setting flags, causing the electronic device to reboot, and initiating the update agent 384019, for example. The method may also comprise updating one of firmware and software in the electronic device 20, for example. The method may also comprise setting the update-completed flag 21, for example. The method may also comprise initiating a device management agent 3810 when the update is completed 22, for example. The method may also comprise sending a confirmation notification message from the DM client 3810 to the DM server 3890 confirming that the update is completed 23, employing the DM protocol, for example.

In an embodiment according to the present invention, the method illustrated in FIG. 38 may comprise a commercial end-to-end system incorporating a Device Management (DM) client 3810 and DM server 3890. The embodiment illustrated in FIG. 38 may be the most likely commercial deployment as the device management standard becomes more pervasive in the market.

FIG. 39 is a flow diagram 3900 illustrating an exemplary commercial deployment method for a distributed solution according to an embodiment of the present invention. The system employed for the commercial deployment method illustrated in FIG. 39 may comprise a firmware management (FM) client 3910, an OMA-compatible download compliant agent 3920, a handoff agent 3930, an update agent 3940, an OMA-download protocol 3950, an OMA-compliant delivery module 3960, a simple object access protocol (SOAP) 3970, an update store 3980, a 3rd party generic device management (DM) server/subscriber provisioning system 3990, a short message service (SMS)-based notification protocol 3985, and an extensible markup language (XML)-based discovery protocol 3975, for example.

In an embodiment according to the present invention, the method may comprise sending a push notification message from the 3rd party generic device management (DM) server/subscriber provisioning system 3990 to the firmware management client 39101 employing the SMS-based notification protocol 3985, for example. The method may also comprise sending an electronic device and subscriber information message from the firmware management client 3910 to the 3rd party generic device management (DM) server/subscriber provisioning system 39902 employing the XML-based discovery protocol 3975, for example. The method may also comprise sending a server credentials message from the 3rd party generic device management (DM) server/subscriber provisioning system 3990 to the firmware management client 39103, employing the XML-based discovery protocol 3975, for example. The method may also comprise sending a universal resource locator (URL) request message of an update package descriptor file from the firmware management client 3910 to the 3rd party generic device management (DM) server/subscriber provisioning system 39904, employing the XML-based discovery protocol 3975, for example.

In an embodiment according to the present invention, the method may also comprise sending a request for the URL of the update package descriptor file from the 3rd party generic device management (DM) server/subscriber provisioning system 3990 to the update store module 39805, for example. The update store 3980 may return the URL of the update package descriptor file to the 3rd party generic device management (DM) server/subscriber provisioning system 39906, for example. The method may also comprise transmission of the URL of the update package descriptor file from the 3rd party generic device management (DM) server/subscriber provisioning system 3990 to the firmware management client 39107, employing the XML-based discovery protocol 3975, for example. The method may also comprise initiating the OMA-download-compliant agent 3920 with the URL of the update package descriptor file 8, for example.

In an embodiment according to the present invention, the method may also comprise the download agent 3920 employing the descriptor file URL to request the descriptor file from the delivery module 3960 employing the OMA download protocol 39509, for example. The method may also comprise the delivery agent 3960 employing the SOAP protocol 3970 to request the update package descriptor file from the update store module 398010, for example. The method may also comprise transmitting the update package descriptor file and the update package descriptor file URL employing the SOAP protocol 3970 from the update store 3980 to the delivery module 396011, for example. The method may also comprise the delivery module 3960 transmitting the update package descriptor file and the update package descriptor file URL employing the OMA download protocol 3950 to the OMA download compliant agent 392012, for example.

In an embodiment according to the present invention, the method may also comprise the OMA download compliant agent 3920 transmitting an update package request to the delivery module 3960 employing the OMA download protocol 395013, for example. The method may also comprise the delivery agent 3960 employing the SOAP protocol 3970 to request the update package from the update store module 398014, for example. The method may also comprise transmitting the update package, employing the SOAP protocol 3970, from the update store 3980 to the delivery module 396015, for example. The method may also comprise the delivery module 3960 transmitting the update package, employing the OMA download protocol 3950, to the OMA download compliant agent 392016, for example.

In an embodiment according to the present invention, the method may also comprise initiation of the handoff agent 3930 with update package location information 17, for example. The method may also comprise the handoff agent 3930 setting flags, causing the electronic device to reboot, and initiating the update agent 394018, for example. The method may also comprise updating one of firmware and software in the electronic device 19, for example. The method may also comprise setting the update-completed flag 20, for example. The method may also comprise initiating the firmware management client 3910 when the update is completed 21, for example. The method may also comprise sending a confirmation notification message from the firmware management client 3910 to the 3rd party generic device management (DM) server/subscriber provisioning system 3990 confirming that the update is completed 22 employing the SMS-based notification protocol, for example.

The method illustrated in FIG. 39 may comprise a likely scenario with many server-side partners who do not have a device/firmware management client of their own.

FIG. 40 is a block diagram illustrating an exemplary system and interface architecture 4000 according to an embodiment of the present invention.

FIG. 40 illustrates a system 4000 comprising an electronic device, such as for example, mobile handset 4010, a server/computer operating a wireless application protocol (WAP) gateway 4020, a server/computer acting as a portal 4030, a server/computer acting as a generic delivery server 4060, a server/computer acting as a billing system 4050, and a server/computer acting as an update store 4040, for example.

In an embodiment according to the present invention, the firmware management client 3710, the OMA download compliant agent 3720, the handoff agent 3730 and the update agent 3740 may be resident in an electronic device, such as for example, the mobile handset shown in FIG. 40. For example, in FIG. 37, the OMA-compliant delivery module 3760 may be resident in a server/computer, such as for example, the server/computer acting as a generic delivery server 4060 illustrated in FIG. 40. For example, in FIG. 37, the update store module 3780 may be resident in a server/computer, such as for example, the server/computer acting as an update store 4040 illustrated in FIG. 40. For example, in FIG. 38, the DM customer care console 3895 may be resident in a server/computer, such as for example, the server/computer acting as a portal 4030 illustrated in FIG. 40.

In an embodiment according to the present invention, the mobile handset 4010, the WAP gateway 4020, and the portal 4030 illustrated in FIG. 40 may be adapted to interface 1 via the SMS-based notification protocol 3785 and 3985 and the XML-based discovery protocol 3775 and 3995 illustrated in FIGS. 37 and 39, and the DM protocol 3875 illustrated in FIG. 38, for example.

In an embodiment according to the present invention, the mobile handset 4010, the WAP gateway 4020, and the server/computer acting as a generic delivery server 4060 illustrated in FIG. 40 may be adapted to interface 2 & 4 via the OMA download protocol 3750, 3850, and 3950 illustrated in FIGS. 37-39, for example.

In an embodiment according to the present invention, the servers/computers acting as generic delivery server 4060, update store 4040, the charging system 4050 illustrated in FIG. 40 may be adapted to interface 3 & 5 via the SOAP protocol 3770, 3870, and 3970 illustrated in FIGS. 37-39, for example.

An embodiment according to the present invention may comprise an end-to-end system adapted to incorporate the update store, the handoff agent, and the update agent with the generic delivery server and generic download client respectively. The update agent may be adapted to interface with the generic download client and the update store may be adapted to interface with the generic delivery server.

In an embodiment according to the present invention, the system 4000 may enable the upload scenario to be deployed with minimal redesign and customization efforts. The system 4000 may prevent and minimize the effects human error may have on delivering successful updates to electronic devices, communication errors, and processing errors, for example. Error code messages may be easily configurable and may clearly convey the meaning of the problem. Related explanatory documentation may also be provided, including error programs, and documentation.

An embodiment according to the present invention may support end-to-end testing that may comprise standards-based testing for scalability, reliability and performance, for example. Reports may be produced that indicate download and re-flash time, capacity, % uptime, and transactions per second, for example. Download and re-flash time may be tested on a sample of update packages, for example, 30 update packages ranging from 10 KB to 600 KB.

Accordingly, the present invention may be realized in hardware, software, firmware and/or a combination thereof. The present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein may be suitable. A typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system to carry out the methods described herein.

The present invention may also be embedded in a computer program product comprising all of the features enabling implementation of the methods described herein which when loaded in a computer system is adapted to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; and b) reproduction in a different material form.

While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

Claims (40)

What is claimed is:

1. A method of updating a plurality of mobile electronic devices, the method comprising:

selecting an update package for updating one of firmware and software, according to at least one modifiable download state, including a conflict resolution state and a deletion resolution state, associated with the update package, wherein the download state is based upon a modifiable status of the update package;

transmitting the selected update package to a plurality of associated mobile electronic devices, wherein the update package comprises a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in mobile electronic devices of the download group; and

wherein the plurality of associated mobile electronic devices comprises a grouping of electronic devices unauthorized to download the update package and a non-removable download group, the non-removable download group comprising a grouping of electronic devices permitted to download the update package regardless of client identification and authorization.

2. The method according to claim 1, further comprising associating the mobile electronic devices based upon at least one of an identical electronic device make, an identical electronic device, an identical installed firmware version, an identical installed software version, an identical installed operating system, and an identically installed encryption implementation.

3. The method according to claim 1, further comprising prompting an electronic device management system to select at least one group of associated mobile electronic devices to transmit the update package to.

4. The method according to claim 1, further comprising prompting an electronic device management system to select whether an update package to be transmitted is for one of a silent update and an opt-in update, and autonomously performing the silent update and prompting an electronic device end-user to authorize and participate in the opt-in update.

5. The method according to claim 4, further comprising transmitting notifications to the associated electronic devices that an update is one of pending, in-progress, completed, failed, aborted, and successful.

6. A method for managing update processing in a mobile electronic device, the method comprising:

storing an update package in a designated non-volatile memory location, in the mobile electronic device;

computing an update state descriptor, according to at least one modifiable download state, including a conflict resolution state and a deletion resolution state, associated with the update package, in the mobile electronic device, wherein the update state descriptor includes a field employed to store an address of the update package; and

after computing the update state descriptor, storing the update state descriptor in another designated non-volatile memory location, in the mobile electronic device.

7. The method according to claim 6, further comprising booting the mobile electronic device after the update state descriptor and the update package are written to respective designated non-volatile memory locations.

8. The method according to claim 6, further comprising identifying an update status of one of firmware and software to be updated.

9. An update management system for distributing an update package adapted to be processed by an updating software, the system comprising:

at least one server having a processor that maintains at least one modifiable download state associated with the update package, including a conflict resolution state and a deletion resolution state, wherein the download state is based upon a modifiable status of the update package; and

wherein the at least one server distributes the update package to members of at least one download group depending upon the at least one download state, and wherein the updating software is adapted to process a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device;

wherein the members of at least one download group comprise a grouping of electronic devices unauthorized to download the update package and a non-removable download group, the non-removable download group comprising a grouping of electronic devices permitted to download the update package regardless of client identification and authorization.

10. The system according to claim 9, wherein the at least one download state indicates that an update package associated with the at least one download state is authorized for downloading.

11. The system according to claim 9, wherein the at least one download state indicates that an update package associated with the at least one download state is unauthorized for downloading.

12. The system according to claim 9, wherein the at least one download group comprises at least one update package authorized for downloading.

13. The system according to claim 9, wherein the update package is associated with the at least one download group based upon the at least one download state of the associated update package.

14. The system according to claim 9, wherein the at least one download group comprises a grouping of electronic devices authorized to download the update package.

15. The system according to claim 9, wherein the at least one download group comprises at least one update package unauthorized for downloading.

16. The system according to claim 15, wherein the update package is associated with the at least one download group based upon the at least one download state of the associated update package.

17. The system according to claim 9, wherein electronic devices in the non-removable download group share a particular parameter value.

18. The system according to claim 17, wherein the particular parameter value comprises unique hardware identification associated with one of the electronic device and a particular electronic device manufacturer.

19. The system according to claim 17, wherein the particular parameter value comprises a version of the one of firmware and software to be updated.

20. The system according to claim 17, wherein the particular parameter value is employed to facilitate selection of an update package to be downloaded to an electronic device, the particular parameter value is selected from at least one of an electronic device model identification, an electronic device manufacturer identification, a firmware version, a software version, an electronic device international mobile equipment identifier IMEI, a telephone number, and a device unique identification.

21. The system according to claim 17, wherein the particular parameter value comprises a parameter request, wherein the electronic device is adapted to respond to the parameter request by transmitting a requested parameter.

22. An update management system comprising:

a server having a processor adapted to evaluate an update package to determine at least one modifiable download state, including a conflict resolution state and a deletion resolution state, and at least one download group associated with the update package, wherein the download state is based upon a modifiable status of the update package, and wherein the update package comprises a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device; and

wherein the at least one download group comprises a grouping of electronic devices unauthorized to download the update package and a non-removable download group, the non-removable download group comprising a grouping of electronic devices permitted to download the update package regardless of client identification and authorization.

23. The system according to claim 22, wherein the server is adapted to prioritize a plurality of matching updates by evaluating the at least one download state associated with each of the plurality of matching updates.

24. The system according to claim 23, wherein the server is adapted to select an update package having a highest priority for updating one of firmware and software.

25. The system according to claim 23, wherein the server is adapted to select an update package based upon an indicator associated with the update package, wherein the indicator is identifiable through a conflict resolution analysis.

26. The system according to claim 23, wherein a downloaded update package is quarantined and evaluated in at least one component of the system to prevent malicious attacks and electronic device damage.

27. The system according to claim 22, wherein a plurality of update packages are stored in an update store module comprising non-volatile memory.

28. The system according to claim 27, wherein the plurality of update packages stored in the update store module each comprise an associated update state, wherein the update state indicates that the plurality of update packages comprise one of a new update package, an update package being testing, an approved update package, a released update package, an inactive update package, an obsolete update package, and a discarded update package.

29. An update generation system adapted to generate an update package for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device, the update generation system comprising:

at least one processor that generates the update package using the first and the second versions of one of firmware and software and software linker information received via an interface supporting a plurality of compiling and linking formats;

wherein the at least one processor employs software interfaces supporting zoning a generated update package for a mobile device, wherein zoning a generated update package comprises dividing the generated update package into code segments and employing different settings and rules for updating different code segments; and

wherein the zoning includes: a preprocessor, a write unit size, an updateable zone, an excluded zone, an update agent zone, and a reserved write unit zone.

30. The system according to claim 29, wherein zoning a generated update comprises zone management, wherein zone management comprises defining at least one of a pre-processor, a write unit size, an updateable zone, an excluded zone, an updating software zone, and a reserved write unit zone.

31. A system for managing updates of one of firmware and software in a mobile electronic device, the system comprising:

at least one processor operably coupled to interface circuitry that communicates via a wireless network, and to memory having stored therein executable code comprising:

firmware management code that controls negotiation and downloading to the electronic device of an update package for updating one or both of firmware and software in the electronic device according to at least one modifiable download state, including a conflict resolution state and a deletion resolution state, associated with the update package, the firmware management code comprising:

at least one communications handling component;

at least one data transfer handling component;

at least one display handling component; and

at least one event-handling component; and

at least one component that determines if the electronic device belongs to a grouping of electronic devices unauthorized to download the update package, and determines if the electronic device belongs to a non-removable download group, the non-removable download group comprising a grouping of electronic devices permitted to download the update package regardless of client identification and authorization.

32. The system according to claim 31, wherein the at least one communications handling component comprises at least one of a short message service (SMS)-based protocol, an extensible markup language (XML)-based protocol, and a device management based protocol.

33. The system according to claim 31, wherein the at least one data transfer handling component comprises at least one of a download protocol compatible with Open Mobile Alliance (OMA)-specification and a simple object access protocol (SOAP)-based protocol.

34. The system according to claim 31, wherein the at least one display handling component comprises a customer care module.

35. The system according to claim 31, wherein the at least one event handling component comprises at least one of a firmware management client and a software management client.

36. The system according to claim 31, wherein the executable code comprises:

at least one update status descriptor handling component;

at least one update storage handling component;

at least one electronic device reset handling component; and

at least one update status notification handling component.

37. A non-transitory computer readable medium having stored therein updating code executable by a processor to process a plurality of executable instructions for converting a first version of one of firmware and software to a second version of one of firmware and software in a mobile electronic device, the updating code comprising:

a zoning component capable of processing non-contiguous code segments, wherein zoning comprises dividing the code segments of an update package for the mobile device and employing different settings and rules for updating different code segments;

a pre-processing component for reducing a size of the updating software;

at least one updateable component;

a digital signature decryption component; and

a verification component.

38. The computer readable medium according to claim 37, wherein the updating code operates independently of an operating system employed in the mobile electronic device.

39. The computer readable medium according to claim 37, wherein the updating code is compiled and linked separately from firmware and software resident in the mobile electronic device.

40. The computer readable medium according to claim 37, wherein the updating code is adapted to run independent of runtime libraries, compiler supplied runtime code, and linker supplied runtime code.

Method for updating a control program for an information processing apparatus, and an information processing apparatus for updating a control program of an associated rewritable memory or a memory disk

Device management system for managing standards-compliant and non-compliant network elements using standard management protocols and a universal site server which is configurable from remote locations via internet browser technology

Method of loading an application program into a smart card, smart card, method of loading scripts into a smart card, terminal device capable of operating with a smart card, and storage medium holding an application program